Panda Labs reports (pt 1)...banking malware

Was skimming through some interesting reports by Panda Labs. One report (pdf) covers some basic information on banking malware (i.e. malware designed to gather your personal information associated with online banking). The Appendix is particularly interesting. They cover some details on the Zeus Trojan kit. None of the details are new, nor is the combination of them new - still - I found it fun. And available for the low, low price of only $700. For example:

The Trojan runs on the affected user's computer and can carry out the following actions:
  • Socket and Proxy server.
  • Auto update.
  • Using the polymorphic encrypter to generate different copies of itself.
  • Capturing certificates.
  • Changing local DNS.
  • Removing cookies to get the user to re-enter the passwords.
  • Capturing screenshots of the affected computers.
  • Receiving remote control commands.
  • Adding additional fields to a website and monitor the data sent.
  • Stealing passwords stored in several programs (Protected Storage data…) and pop3 and ftp passwords, regardless of the port.
Very cool.


No comments: