1. Zeus, also known as Zbot, is a notorious Trojan that infects Windows users and tries to retrieve confidential information from the infected computers. Once installed, it also tries to download configuration files and updates from the Internet. Zeus files are created and customised using a Trojan-building toolkit that is available to its operators.
Zeus was created to steal private data from infected systems, such as system information, passwords, banking credentials and other financial details, and it can be customised to gather banking details in specific countries and by various methods.
Using the retrieved information.
Zbot/Zeus is based on the client-server model and requires a Command and Control server to send and receive information across the network. The single Command and Control server is considered to be the weak point in the malware architecture and it is the target of law enforcement agencies when dealing with Zeus.
To counter this weak point, the latest Zeus/Zbot variants include a DGA (domain generation algorithm), which makes the Command and Control servers resistant to takedown attempts. The DGA generates a list of domain names to which the bots try to connect when the Command and Control server cannot be reached.
Zeus/Zbot is known by many names, including PRG and Infostealer.
2. Zeus Gameover (P2P) (Zeus family)
Zeus Gameover is a variant of the Zeus family – the infamous family of financial stealing malware – which relies upon a peer-to-peer botnet infrastructure.
The network configuration removes the need for a centralized Command and Control server, and it also includes a DGA (Domain Generation Algorithm) which produces new domains in case the peers cannot be reached. The peers in the botnet can act as independent Command and Control servers and are able to download commands or configuration files between them, finally sending the stolen data to the malicious servers.
Zeus Gameover can be used to collect financial information, targeting various user data, from credentials, credit card numbers and passwords to any other private information which might prove useful in retrieving a victim’s banking information.
3. SpyEye (Zeus family)
SpyEye is a data-stealing malware (similar to Zeus) created to steal money from online bank accounts. This malicious software is capable of stealing bank account credentials, social security numbers and financial information that could be used to empty bank accounts.
This banking Trojan contains a keylogger that tries to retrieve login credentials for online bank accounts. The attack toolkit is popular because it can be customised to attack specific institutions or target certain financial data.
SpyEye is able to start a financial transaction as soon as a targeted user initiates an online operation from his bank account.
4. Ice IX (Zeus family)
Ice IX is a modified variant of Zeus, the infamous banking Trojan, one of the most sophisticated pieces of financial malware out there.
This modified variant is used for the purpose of stealing personal and financial information, such as credentials or passwords for the e-mail or the online bank accounts.
Like Zeus, Ice IX can control the displayed content in a browser used for online banking websites. The injected web forms are used to extract banking credentials and other private security information.
Ice IX, the modified version of Zeus, improved a few Zeus capabilities. The most important one is a defence mechanism to evade tracker sites, which monitor at present most Command and Control servers controlled by Zeus.
5. Citadel (Zeus family)
Citadel appeared after the source code of the infamous Zeus leaked in 2011. Because the leaked code was effectively open source, it has been reviewed and improved by other malware authors for various attacks.
It is an advanced toolkit which can trick users into revealing confidential information and steal banking credentials. The stolen credentials are then used to access online accounts and run transactions.
6. Carberp (Zeus family)
Carberp is a Trojan designed to give attackers the ability to steal private information from online banking platforms accessed by the infected PCs.
This Trojan’s behavior is similar to the other financial malware in the Zeus family, and it is able to hide from anti-malware applications. Carberp can steal sensitive data from infected machines and download new data from command-and-control servers.
This Trojan is one of the most widely spread financial stealing malware in Russia. Primarily targeting banking systems and companies which perform a high number of financial transactions, Carberp not only injects code into web pages but also tries to exploit several vulnerabilities in the target system so as to escalate to administrative privileges.
It is distributed through the typical methods of malicious e-mail attachments, drive-by downloads or deceptive pop-up windows; what sets this financial malware apart is the high number of legitimate web resources it uses to collect information and potentially make transactions.
7. Bugat (Zeus family)
Bugat is another banking Trojan, with similar capabilities to Zeus – the notorious data-stealing Trojan – which is used to steal financial credentials.
Bugat targets an infected user’s browsing activity and harvests information during online banking sessions. It can upload files from an infected computer, download and execute a list of running processes or steal FTP credentials.
Bugat communicates with a command and control server from where it receives instructions and updates to the list of financial websites it targets.
The collected information is sent to the remote server. Bugat spreads mostly through malicious links inserted in e-mails sent to the targeted users. When a user clicks a malicious link, he is directed to a fraudulent website where the Bugat executable is downloaded onto the system.
8. Shylock (Zeus family)
Shylock is a banking malware, designed to retrieve user’s banking credentials.
As soon as it is installed, Shylock communicates with the remote Command and Control servers controlled by the C&C owner, sending data from and receiving data to the infected PCs.
Similar to Zeus Gameover, this malware uses a DGA (domain generation algorithm) to generate a number of domain names that can be used to relay commands between the malicious servers and the infected systems.
The Trojan is delivered mostly through drive-by downloads on compromised websites and via malvertising, where malicious code is inserted in adverts that are then placed on legitimate websites.
Another popular method of spreading this financial malware is by inserting malicious JavaScript into a web page. This technique produces a pop-up which pushes the user to download a plugin, apparently necessary to display media on the website.
9. Torpig (Zeus family)
Torpig is a sophisticated type of malware program designed to harvest sensitive information, such as bank account and credit card information from its victims.
The Torpig botnet (the network of compromised PCs under the control of the C&C owner) is the main means of sending spam e-mails and stealing private information or credentials for online bank accounts. Torpig also uses a DGA (domain generation algorithm) to generate a list of domain names and locate the Command and Control servers used by the attackers.
Users are typically infected through drive-by downloads: a web page on a legitimate website is modified so that the user’s browser requests JavaScript code from a web location controlled by the criminals. The infected computers are then used to run phishing attacks to obtain sensitive data from their victims.
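The DGA fallback described above for Zeus, Zeus Gameover, Shylock and Torpig can be illustrated from the defender's side. The Python below is an added example; it is not code from this post or from any of these malware families. It contains a toy, constructed date-seeded generator (only to make the two-sided property of a DGA visible: the bots and anyone who has recovered the algorithm and seed derive the same daily list, which is what lets defenders pre-register or sinkhole the names), a lexical heuristic that flags random-looking second-level labels, and a per-host aggregation over a few constructed DNS resolver log lines, since a bot walking its list produces many distinct generated-looking names from one client. The seed, the log format and the thresholds are assumptions.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

VOWELS = set("aeiou")


def toy_dga(day: str, seed: str = "constructed-seed", count: int = 5) -> list[str]:
    """Toy date-seeded generator (constructed for illustration; it is not any
    real family's algorithm). `day` is an ISO date such as "2024-01-15".
    Every bot with the same seed, and every defender who has recovered it,
    derives the same list for that day."""
    names = []
    for i in range(count):
        raw = hashlib.sha256(f"{seed}|{day}|{i}".encode()).digest()
        length = 12 + raw[0] % 5  # 12..16 letters
        label = "".join(chr(ord("a") + b % 26) for b in raw[1:1 + length])
        names.append(label + ".com")
    return names


def shannon_entropy(text: str) -> float:
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(fqdn: str) -> bool:
    """Cheap lexical check for random-letter names: a long second-level label
    with high character entropy and either few vowels or a long consonant run.
    Thresholds are assumed; dictionary-word DGAs need a different test, and
    public-suffix handling (e.g. co.uk) is deliberately omitted."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]  # second-level label, e.g. "example" in www.example.com
    if len(sld) < 10:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in sld) / len(sld)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", sld)), default=0)
    return shannon_entropy(sld) > 3.0 and (vowel_ratio < 0.25 or longest_run >= 5)


# Constructed DNS resolver log lines: "<timestamp> <client> <rcode> <qname>".
SAMPLE_LOG = [
    "2024-01-15T10:02:11 10.0.0.5 NOERROR www.example.com",
    "2024-01-15T10:02:12 10.0.0.5 NXDOMAIN xkqzvbwtrplmgd.com",
    "2024-01-15T10:02:12 10.0.0.5 NXDOMAIN pfjrkwnbzqtsyv.com",
    "2024-01-15T10:02:13 10.0.0.5 NXDOMAIN mlcwqhtgvkrxna.com",
    "2024-01-15T10:02:13 10.0.0.5 NOERROR vtbzrpqkdhwjuo.com",
    "2024-01-15T10:02:20 10.0.0.7 NOERROR mail.google.com",
    "2024-01-15T10:02:21 10.0.0.7 NOERROR static.cloudfront.net",
    "2024-01-15T10:02:22 10.0.0.7 NOERROR mediaconverterdownload.com",
    "2024-01-15T10:02:30 10.0.0.9 NXDOMAIN zqxwvtrkpmbndl.com",
    "2024-01-15T10:02:31 10.0.0.9 NOERROR updates.microsoft.com",
]

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def suspicious_hosts(log_lines, min_domains: int = 3) -> dict[str, list[str]]:
    """Group flagged lookups by client. A bot walking its daily list produces
    many distinct generated-looking names (mostly NXDOMAIN, since most are
    unregistered) from one host, which separates it from a single odd-looking
    but legitimate name."""
    per_host = defaultdict(set)
    for line in log_lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # skip malformed lines
        _ts, client, _rcode, qname = match.groups()
        if looks_generated(qname):
            per_host[client].add(qname.lower())
    return {host: sorted(names) for host, names in per_host.items()
            if len(names) >= min_domains}


if __name__ == "__main__":
    print("Toy DGA list for 2024-01-15:", toy_dga("2024-01-15"))
    for host, names in suspicious_hosts(SAMPLE_LOG).items():
        print(f"{host}: {len(names)} generated-looking domains -> {names}")
```

On the constructed log, only 10.0.0.5 crosses the three-domain threshold; 10.0.0.9 made one generated-looking query and is left for a lower threshold or a longer time window. In practice the lexical score is a triage signal to be combined with NXDOMAIN rate and, where the algorithm has been recovered, an exact match against the precomputed daily list.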
If you know of any malware that you think should be in the list, kindly comment below with its name and available information