Feeds

'Father of Zeus' banking trojan appears at very reasonable price

Kingpin daddy skips sandboxes, ducks AV and pops browsers

Reducing security risks from open source software

A banking trojan dubbed the father of the infamous Zeus malware is being flogged on cybercrime marketplaces for a pricey $7000, says fraud specialist Etay Maor.

The Kronos malware was sold on a cybercrime forum, pitched particularly to Zeus trojan customers given its capabilities to re-use that trojan's form grabbing templates.

Trusteer's Maor said Kronos, which took its name after the father of Zeus in Greek mythology, worked with the most common browsers and could bypass a variety of security mechanisms.

"Consistent with other financial malware developments, it seems that significant time and effort were given to evading security tools used both by end users and security white hats," Maor said in a blog post.

"Because Zeus is the most widely deployed malware, and it is likely that potential clients have used or still use Zeus variants, the authors of Kronos made sure that the HTML injection files used by Zeus operators can be easily implemented with Kronos."

Researchers have not reverse Kronos to determine its capabilities. In an advertisement posted to an undisclosed popular Russian marketplace, the malware was said to be able to rip banking credentials from Internet Explorer, Firefox and Chrome, fend off rival trojans using a 32- or 64- bit rootkit, bypass antivirus and unspecified sandboxing, and establish encrypted command and control communication.

It would be supplemented with continued malware code updates and technical support which were common features of higher-end wares like Zeus and Citadel.

These capabilities were not unique to Kronos but did place the malware in the category of more expensive wares. Most malware sold for hundreds of dollars or like Zeus were simply pirated on the back of source code leaks, but others such as Carberp had in 2010 sold for $15,000.

Kronos was packaged with an appetiser that for $1000 allowed users to test the malware's control panel and bot capabilities.

The malware followed the near scuttling of the Gameover Zeus fraud botnet, a variant of Zeus, which inflicted $100 million in damages and compromised half a million machines. Authors or other developers with the source code in hand had revived the botnet by overhauling the malware so that it swapped peer to peer for fast-flux communications. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.