{"id":416,"date":"2013-05-24T00:00:00","date_gmt":"2013-05-24T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/24\/zeus-variants-are-back-with-a-vengeance\/"},"modified":"2021-12-30T11:37:16","modified_gmt":"2021-12-30T11:37:16","slug":"zeus-variants-are-back-with-a-vengeance","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/05\/24\/zeus-variants-are-back-with-a-vengeance\/","title":{"rendered":"Zeus variants are back with a vengeance"},"content":{"rendered":"<p style=\"margin: 0px;\">After analyzing feedback from the company&#8217;s Smart Protection Network, Trend Micro researchers have noted an upswing in attempted Zeus \/ Zbot Trojan infections. After being practically non-existent in January, attempted Zeus\/Zbot infections rose continuously every month up to the beginning of May, the researchers pointed out. The main goal of the malware is the same as before: stealing online credentials of every kind, including those used for online banking, along with any personal information that might be of use to criminals. The new variants now create two separate folders on the infected system: one holds a copy of the malware itself, the other holds the stolen (and encrypted) information and the configuration file downloaded from a remote server.<\/p>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 0px;\">&#8220;The difference in the GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.&#8221;<\/p>\n<p style=\"margin: 0px;\">Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites. 
What was previously put in one folder in Windows&#8217; <i>%System%<\/i> folder is now split across two random-named folders in the <i>%Application Data%<\/i> folder.<\/p>\n<p style=\"margin: 0px;\">&#8220;What we can learn from ZeuS \/ Zbot\u2019s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these,&#8221; the researchers warn, and advise: &#8220;It is important to be careful in opening email messages or clicking links.&#8221;<\/p>\n<p style=\"margin: 0px;\">Link: <a 
href=\"http:\/\/www.net-security.org\/malware_news.php?id=2504&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29\">http:\/\/www.net-security.org\/malware_news.php?id=2504&amp;utm_source=feedburner&amp;utm_medium=feed&amp;utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-416","post","type-post","status-publish","format-standard","hentry","category-malware"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/416","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=416"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/416\/revisions"}],"predecessor-version":[{"id":2903,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/416\/revisions\/2903"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=416"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=416"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=416"}],"curie
s":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}