ZeuS Variant Abuses Legitimate Developer’s Website

Discussion in '0-day Release' started by silversurfer, Jan 8, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    The official website of Ukraine-based accounting software developer Crystal Finance Millennium (CFM) was abused for the distribution of a variant of the ZeuS banking Trojan, Talos reports.

    The vector is similar to that used in the NotPetya attack in the summer of 2017, when a malicious actor abused the update server of tax software company M.E.Doc to distribute the destructive wiper.

    Unlike the NotPetya attack, however, the distribution of the ZeuS variant didn’t leverage a compromised server. Instead, the attack relied on accounting software maker CFM's website being used to distribute malware fetched by downloaders delivered as attachments in an email spam campaign.

    The attack happened in August 2016, when information on the malware infection process was made public. Now, Talos has decided to share details on the scope of the attack and associated victims, including the geographic regions affected, based on information the company gathered after it managed to sinkhole command and control (C&C) domains.

    Source: http://www.securityweek.com/zeus-variant-abuses-legitimate-developer’s-website