Posts tagged: Zeus

Jan 06 2012

Ramnit Worm Targets Facebook, Over 45,000 Accounts Compromised

Ramnit Worm FacebookMuch has been written about the Ramnit worm and its transformation into a financial malware. And now, Seculert’s research lab has discovered that Ramnit recently started targeting Facebook accounts with considerable success, stealing over 45,000 Facebook login credentials worldwide, mostly from people in the UK and France.

Discovered in April 2010, the Microsoft Malware Protection Center (MMPC) described Ramnit as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.

In August 2011, Trusteer reported that Ramnit went ‘financial’. Following the leakage of the ZeuS source-code in May, it has been suggested that the hackers behind Ramnit merged several financial-fraud spreading capabilities to create a “Hybrid creature” which was empowered by both the scale of the Ramnit infection and the ZeuS financial data-sniffing capabilities.

With the recent ZeuS Facebook worm and this latest Ramnit variant, it appears that sophisticated hackers are now experimenting with replacing the old-school email worms with more up-to-date social network worms. As demonstrated by the 45,000 compromised Facebook subscribers, the viral power of social networks can be manipulated to cause considerable damage to individuals and institutions when it is in the wrong hands.

Seculert has provided Facebook with all of the stolen credentials that were found on the Ramnit servers.

Jul 12 2011

Zeus For Android Steals One-Time Banking Passwords

Android ZeusResearchers have discovered a new variant of the insidious Zeus trojan that is designed to run on Google Android smartphones, security researchers have warned.

The malicious program is a new version of Zitmo, a mobile trojan application first discovered last year that stands for “Zeus in the mobile,” Derek Manky, a senior security strategist at network security firm Fortinet’s FortiGuard Labs, told SCMagazineUS.com on Tuesday.

It is designed to steal mobile transaction authentication numbers (mTANs), or one-time passwords that some banks, mostly in Europe, send via SMS message to mobile users as an additional layer of security.

The malware poses as a legitimate banking security application called Rapport, which is made by web security firm Trusteer. Once installed, the bogus app intercepts all incoming SMS messages and forwards them to a remote server.

Mickey Boodaei, CEO of Trusteer, told SCMagazineUS.com on Tuesday that Zitmo’s masterminds leveraged his company’s name to gain users’ trust. The program spread for four to five days during late May and early June, but the servers supporting the operation were taken offline more than a month ago.

The Zitmo variant for Android worked in conjunction with Zeus version 2.1.0.10, Boodaei said. Once a user’s PC was infected with Zeus, the malware tried to trick them into downloading Zitmo on their smartphone.

The Zitmo family of malware has also previously targeted Symbian, BlackBerry and Windows Mobile phones, Boodaei said.

Zitmo is the first malicious mobile application designed to work in combination with a Windows trojan.