SecureWorks researchers uncovered the complicated operation in April when they discovered a unique variant of the well-known Zeus Trojan that targets Windows-based PCs. In addition to stealing login credentials, the Trojan established a virtual private network (VPN) connection from the infected computer to a remote server using the PPTP (Point-to-Point Tunneling Protocol) functionality in Windows and listened on a random TCP (Transmission Control Protocol) port in order to serve as a SOCKS proxy.

via Check counterfeiting using botnets and money mules | InSecurity Complex – CNET News.
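The two host-side indicators the excerpt describes (an outbound PPTP tunnel plus a fresh listener on an arbitrary high port) can be correlated per host. The following is an added example, not code from SecureWorks or CNET; the socket records and their field names are constructed for illustration and are not the output of any particular tool.

```python
"""Heuristic: report hosts that show BOTH an outbound PPTP control connection
(TCP/1723) and a listener on a high TCP port not in an allowlist.
The records below are constructed samples; the field names
(host, proto, local, remote, state) are an assumption, not a real tool's format."""
from collections import defaultdict

PPTP_PORT = 1723        # PPTP control channel; the GRE tunnel itself is not a TCP socket
EPHEMERAL_MIN = 49152   # start of the IANA dynamic/private port range


def _port(addr: str) -> int:
    """Numeric port of an 'ip:port' string; '*' or a missing port gives -1."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else -1


def flag_pptp_proxy_hosts(records, expected_listeners=frozenset()):
    """Return {host: {"pptp_peers": [...], "listeners": [...]}} for hosts that
    match both indicators. A PPTP session alone (a legitimate VPN client) or a
    high-port listener alone is not reported."""
    pptp = defaultdict(list)
    listeners = defaultdict(list)
    for r in records:
        if r["proto"] != "tcp":
            continue
        if r["state"] == "ESTABLISHED" and _port(r["remote"]) == PPTP_PORT:
            pptp[r["host"]].append(r["remote"])
        elif r["state"] == "LISTEN":
            p = _port(r["local"])
            if p >= EPHEMERAL_MIN and p not in expected_listeners:
                listeners[r["host"]].append(p)
    return {h: {"pptp_peers": pptp[h], "listeners": listeners[h]}
            for h in pptp if listeners[h]}


# Constructed sample: ws-17 matches both indicators, ws-22 only runs a VPN client.
SAMPLE_SOCKETS = [
    {"host": "ws-17", "proto": "tcp", "local": "10.0.0.17:49211",
     "remote": "203.0.113.5:1723", "state": "ESTABLISHED"},
    {"host": "ws-17", "proto": "tcp", "local": "0.0.0.0:51873",
     "remote": "*:*", "state": "LISTEN"},
    {"host": "ws-22", "proto": "tcp", "local": "10.0.0.22:50120",
     "remote": "198.51.100.9:1723", "state": "ESTABLISHED"},
    {"host": "ws-22", "proto": "tcp", "local": "0.0.0.0:445",
     "remote": "*:*", "state": "LISTEN"},
]

if __name__ == "__main__":
    for host, hit in flag_pptp_proxy_hosts(SAMPLE_SOCKETS).items():
        print(f"{host}: PPTP to {hit['pptp_peers']}, listening on {hit['listeners']}")
```

Known-good listeners can be passed in `expected_listeners` so that a host's legitimate high-port services do not trigger the rule.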


Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware.

The arrests follow a joint investigation between the FBI and Slovenian police and come after the earlier arrest of three suspects in Spain, who are charged with distributing Mariposa and using it to hack into online bank accounts.

via Mariposa botnet suspects quizzed in Slovenia • The Register.


Trojan horses that were planted onto the victims’ computers would generate a fake error message and request that the victim re-enter the authorization code. This way, amounts up to €4,000 were transferred to money mules and thence to Eastern Europe.

via Slashdot Your Rights Online Story | Online Banking Trojan Stole Money From Belgians.


Brazilian Banker is a financial Trojan that targets consumers of Brazilian-based banks and other banks in Latin America. The Lab recently traced a social network profile that contained encrypted instructions for a variant of the Brazilian Banker Trojan.

via Speaking of Security… | Blog Entry: RSA FraudAction Research Lab | Cy: 1684.

After Google Groups and Twitter, here is another example of how a social network (probably Facebook) is being (mis)used by bot herders to issue commands to their zombies.


Initially, the Black Energy bot was created with the aim of conducting DDoS attacks, but with the implementation of plugins in the bot’s second version, the potential of this malware family has become virtually unlimited.

via Inside the Black Energy 2 Botnet | threatpost.

A very detailed analysis of the BE v2 bot. It is interesting to see how the data are encrypted using the RC4 algorithm.


Hackers have managed to copy the Verified by Visa and MasterCard SecureCode protection features in order to dupe customers at 15 top US banks, a security firm has warned.

via Top US banks targeted by Mastercard and Visa scam | IT PRO.


The latest Zeus bot configuration contains a list of targeted financial institutions from Spain, Germany, the United Kingdom, and the USA. The previous versions contained a list of financial institutions from different countries around the world, while the new version only contains two targeted countries, currently paired as: Spain-Germany and UK-USA.

via Zeus Version 3 – Target Spain, Germany, UK, and USA Banks – CA Security Advisor Research Blog.

According to CA, Spanish financial institutions appear to be the most targeted (26%) by this new version of ZBot.


[…] Our team found that these [mobile] Botnets do one of two things; send messages to all the contacts of the address book directly, or send messages to random phone numbers by connecting to a server. The viruses will delete the sent messages from the user’s Outbox and SMS log. All messages contain URLs linked to malicious sites that users won’t be able to see until after they’ve fallen into the virus trap.

The Botnets seem to be targeting Symbian S60 3rd and 5th generation operating systems, and our Mobile Security Center estimates 100,000 mobile phones were impacted by them! […]

via Botnet Viruses Captured by NetQin « Netqin’s blog.


This is the first time I’ve seen ZeuS target Russian banks given that online banking is not so popular in Russia. I can recall a few ZeuS/ZBOT samples targeting Yandex services, but I definitely can’t recall anyone targeting MDM Bank or other online Russian banking systems.

via ZeuS/ZBOT Targets Russian Banks | Malware Blog | Trend Micro.


Cybercrooks have developed regionally-targeted banking Trojans that are more likely to slip under the radar of anti-virus defences.[…]

[…]Trusteer cites two pieces of regional malware targeted at UK banking consumers. Silon.var2 crops up on one in every 500 computers in the UK compared to one in 20 000 in the US. Another strain of malware dubbed Agent-DBJP was found on one in 5 000 computers in the UK compared to one in 60 000 in the US[…]

[…] “Unlike known malware kits such as Zeus, Torpig and Ambler, which simultaneously target hundreds of banks and enterprises around the world and are on the radar of all security vendors, regional financial malware such as Silon.var2 and Agent.DBJP are highly targeted,” said Mickey Boodaei, Trusteer’s chief exec. […]

[…] “Silon, DBJP and other regional financial malware have been identified through Trusteer’s Flashlight service, and analysis and investigation results have been shared between participating banks,” explained Amit Klein, CTO of Trusteer. “If a bank in a specific region experiences fraud from a new piece of regional malware, there is an 80 per cent chance that other banks in the same region will experience in the near future similar losses from this malware,” he added. […]

via Regional banking Trojans sneak past security defences • The Register.