Security researchers warn that multiple recent Zbot variants are using a forged digital signature in an attempt to bypass antivurs detection. Ironically the digital signature was copied from a ZeuS removal tool developed by Kaspersky Lab.

[..]

There have been isolated cases of digitally-signed malware before, but the practice never really took off, primarily because malware authors believed the effort doesn’t justify the benefits.

[..]

via Zbot Authors Forge Kaspersky Digital Signature – Copy it from ZeuZ removal tool – Softpedia.

Trusteer, the leading provider of secure browsing services, today announced that it has uncovered a large Zeus version 2 botnet being used to conduct financial fraud in the UK which is operated and controlled from Eastern Europe. The botnet appears to be controlling more than 100,000 infected computers, 98% of which are UK Internet users.

via Trusteer: Trusteer uncovers Zeus botnet that plunders over 100,000 UK Internet user credentials.

According to a newly published report by AVG, upon obtaining access to a mini ZeuS botnet dubbed Mumba, part of Avalanche group’s online operations, they found 60GB of stolen data such as, accounting details for social networking sites, banking accounts, credit card numbers and intercepted emails.

via Researchers peek inside a mini ZeuS botnet, find 60GB of stolen data | ZDNet.

Three-month-long investigation by CTU uncovers inner workings of Russian check counterfeiting operation. SecureWorks has notified and is working with law enforcement on this scam. SecureWorks has protections in place for both the Zeus and the Gozi Trojans which are utilized in this scam.

via Big Boss Check Counterfeiting Ring – Research – SecureWorks.

SecureWorks researchers uncovered the complicated operation in April when it discovered a unique variant of the well-known Zeus Trojan that targets Windows-based PCs. In addition to stealing login credentials, the Trojan established a virtual private network VPN connection from the infected computer to a remote server using the PPTP Point-to-Point Tunneling Protocol functionality in Windows and listened to a random TCP Transmission Control Protocol port in order to serve as a SOCKS proxy.

via Check counterfeiting using botnets and money mules | InSecurity Complex – CNET News.

Hackers have managed to copy the Verified by Visa and MasterCard SecureCode protection features in order to dupe customers at 15 top US banks, a security firm has warned.

via Top US banks targeted by Mastercard and Visa scam | IT PRO.

The latest Zeus bot configuration contains list of targeted financial institution from Spain, Germany, United Kingdom, and USA. The previous versions contains all the list of financial institutions from different countries around the world, while the new version only contains two targeted countries and currently paired as: Spain-Germany and UK-USA

via Zeus Version 3 – Target Spain, Germany, UK, and USA Banks – CA Security Advisor Research Blog.

According to CA , Spanish financial institutions appears to be the most targeted (26%) by this new version of ZBot.

This is the first time I’ve seen ZeuS target Russian banks given that online banking is not so popular in Russia. I can recall a few ZeuS/ZBOT samples targeting Yandex services, but I definitely can’t recall anyone targeting MDM Bank or other online Russian banking systems.

via ZeuS/ZBOT Targets Russian Banks | Malware Blog | Trend Micro.

The latest in the string of “bulletproof” ISPs has been taken down on Friday after its upstream service provider DIGERNET has been disconnected. PROXIEZ-NET went down making its claims of being immune to shutdowns untrue. According to The Register just days before the shutdown PROXIEZ-NET found its way to the Spamhaus block list for “acting as a ZeuS botnet C&C or hosting binaries dropzones for the ZeuS botnet.”

via Zeus-friendly ISP taken down.

This time, the malware upholds it notorious reputation with a new version related to previous detections TSPY_ZBOT.CRM and TSPY_ZBOT.CQJ.

ZBOT variants steal account credentials when users visit various social networking, online shopping, and bank-related websites. They have rapidly become popular tools for cybercriminals to use, thanks to exceptional information-stealing routines and rootkit capabilities, which allows them to stay stealthy and to affect users’ systems without their knowledge.

via Trend Micro.