Feb10
11:49 pm (UTC-7) | by Jonell Baltazar (Advanced Threats Researcher)
Trend Micro advanced threat researchers recently came across a new ZBOT/Zeus binary file detected as TROJ_ZBOT.BTM.
ZBOT/Zeus variants are well-known for stealing banking information from its victims via various social-engineering tactics (e.g., spammed messages, malicious links sent to social-networking site members in the guise of messages, and compromising legitimate sites), as evidenced by the following documented noteworthy occurrences:
This taunting message shows that cyber criminals have systems that monitor the performance of AV companies in detecting their craft, and they are constantly updating their software to avoid detection.
Trend Micro™ Smart Protection Network™ already protects product users from this threat by blocking user access to the malicious site, http://{BLOCKED}p.com/consc/cons.exe, where the binary file could be downloaded via its Web reputation service and by detecting and preventing the file’s execution on affected systems via its file reputation service.
Non-Trend Micro product users, on the other hand, can also stay protected by using free tools like Web Protection Add-On, which was especially designed to block user access to potentially malicious websites in real-time.
ZBOT/Zeus variants are well-known for stealing banking information from its victims via various social-engineering tactics (e.g., spammed messages, malicious links sent to social-networking site members in the guise of messages, and compromising legitimate sites), as evidenced by the following documented noteworthy occurrences:
- Phishing in the Guise of Enhancing Security
- ZBOT Targets Facebook Again
- Several Compromised Thai Sites Serve Malware
 |
Trend Micro™ Smart Protection Network™ already protects product users from this threat by blocking user access to the malicious site, http://{BLOCKED}p.com/consc/cons.exe, where the binary file could be downloaded via its Web reputation service and by detecting and preventing the file’s execution on affected systems via its file reputation service.
Non-Trend Micro product users, on the other hand, can also stay protected by using free tools like Web Protection Add-On, which was especially designed to block user access to potentially malicious websites in real-time.
