Trojan armed with hardware-based anti-piracy control

Zeus borrows page from Microsoft

The latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to thwart would-be pirates by introducing a hardware-based product activation scheme similar to what's found in Microsoft Windows.

The newest version with bare-bones capabilities starts at $4,000 and additional features can fetch as much as $10,000. The new feature is designed to prevent what Microsoft refers to as "casual copying" by ensuring that only one computer can run a licensed version of the program. After it is installed, users must obtain a key that's good for just that one machine.

"This is the first time we have seen this level of control for malware," according to an analysis of the latest Zeus version published this week by SecureWorks.

The hardware-based licensing system isn't the only page Zeus creators have borrowed from Microsoft. They've also pushed out multiple flavors of the package that vary in price depending on the capabilities it offers. Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.

For a mere $500 more, users can get a Zeus module that will allow them to receive pilfered data in real time using the Jabber instant messaging client. A module that grabs data out of fields typed into Firefox fetches an extra $2,000, and a virtual network computing module that allows users to establish a fully functioning connection to an infected computer costs $10,000.

The VNC functionality fetches such a high price because it allows criminals to bypass some of the most advanced security measures, such as smartcards and other pieces of hardware that are used to authenticate high-value victims to a bank or other financial institution.

The latest version of Zeus is 1.3.3.7, SecureWorks researcher Kevin Stevens told The Reg. But the authors are already busy working on version 1.4, which is being beta tested. It offers polymorphic encryption that allows the trojan to re-encrypt itself each time it infects a victim, giving each one a unique digital fingerprint. As a result, anti-virus programs, which already struggle mightily to recognize Zeus infections, have an even harder time detecting the menace. ®
