Jul 28
A Look at ZBOT 2.0 Information Theft
2:01 am (UTC-7) | by Brian Cortes (Threats Analyst)
TSPY_ZBOT.CQJ is one of the new ZeuS/ZBOT 2.0 variants spotted earlier this year. Let's take a look at one of the methods it uses to steal users' banking credentials.
These new ZBOT variants intercept the information users enter into a bank's Web page by inserting predefined JavaScript code into the said page. At present, this threat successfully inserts its predefined code when affected users use Internet Explorer and Firefox.
A downloaded ZBOT configuration file contains a list of target websites. It also specifies how these targets will be modified. In some cases, Web forms are added for users to fill in. Here's a screenshot of part of a targeted bank's website:
More on this topic plus screenshots - http://blog.trendmicro.com/
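
The page modification the quoted article describes (form fields and script added to a bank page inside the browser) shows up as a difference between the markup the site served and the markup the browser ended up with. The following is an added example, not part of the quoted article or the original post; the function names, field names and sample HTML are constructed for illustration.

```javascript
// Added example. All names and the sample HTML below are constructed.
// Heuristic regex extraction over serialized HTML, not a full HTML parser.

// Names of every form control (input/select/textarea) found in the markup.
function extractFields(html) {
  const re = /<(?:input|select|textarea)\b[^>]*?\bname\s*=\s*["']?([^"'\s>]+)/gi;
  return Array.from(html.matchAll(re), (m) => m[1].toLowerCase());
}

// One key per <script>: its src URL, or its whitespace-normalized inline body.
function extractScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  return Array.from(html.matchAll(re), (m) => {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    return src ? "src:" + src[1] : "inline:" + m[2].replace(/\s+/g, " ").trim();
  });
}

// Items present in the rendered page but absent from what the server sent.
function diffPage(servedHtml, renderedHtml) {
  const added = (served, rendered) => {
    const known = new Set(served);
    return rendered.filter((item) => !known.has(item));
  };
  return {
    addedFields: added(extractFields(servedHtml), extractFields(renderedHtml)),
    addedScripts: added(extractScripts(servedHtml), extractScripts(renderedHtml)),
  };
}

// Constructed sample: the login form as served by the site.
const SERVED = `<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <script src="/static/login.js"></script>
</form>`;

// Constructed sample: the same form as seen in an affected browser.
const RENDERED = `<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="card_pin">
  <input type="text" name="mothers_maiden_name">
  <script src="/static/login.js"></script>
  <script>/* constructed placeholder for inserted code */</script>
</form>`;

console.log(diffPage(SERVED, RENDERED));
```

In a browser the rendered markup would come from `document.documentElement.outerHTML`. A check that runs inside the affected page can itself be tampered with, so it is a signal for investigation rather than a guarantee.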