Zeus banking Trojan returns with new strength
At the beginning of November 2017, cyber security experts raised concern among Internet users by warning about the appearance of a new version of the Zeus banking Trojan. Known as Zeus Panda, this dangerous malware has been circulating on the Internet since June of this year, tricking unsuspecting users of Google and other search engines into revealing their banking and other sensitive credentials.
New version – unprecedented distribution strategy
The code of the original Zeus banking Trojan was leaked in 2011. Since then, several groups of cyber criminals have used it to develop new variants. However, neither the ZeuS nor the Zbot versions can be compared to Zeus Panda, which is the most prolific and advanced in terms of distribution, infiltration, and performance.
Zeus Panda does not rely on old Zeus Trojan distribution techniques like spam emails or phishing scams. Its developers exploit Search Engine Optimization (SEO) by leveraging the Google SERP (Search Engine Results Pages) ranking of the hacked sites. The websites are injected with carefully chosen keywords so that the malicious link is positioned at the top of Google search results.
Cyber criminals target a particular set of keywords that are queried by millions of people. This increases the likelihood that a potential victim will click on the malicious link. Unfortunately, there is no full list of Zeus Panda infected keywords, but a couple of examples have already been revealed by Talos:
“nordea sweden bank account number”
“al rajhi bank working hours during ramadan”
“how many digits in karur vysya bank account number”
“free online books for bank clerk exam”
“how to cancel a cheque commonwealth bank”
“salary slip format in excel with formula free download”
“bank of baroda account balance check”
“bank guarantee format mt760”
“sbi bank recurring deposit form”
“axis bank mobile banking download link”
Execution via Microsoft Word document
If the person browsing opens the Microsoft Word document, they will get a pop-up asking to “Enable Editing” or “Enable Content,” or warning that “Macros have been disabled.” As long as macros are not enabled, the Zeus Panda executable (PE32) cannot be injected. Clicking “Enable macros” downloads the malicious executable and saves it into the %TEMP% directory on the system under a difficult-to-recognize filename.
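The chain described above (Word macro, executable written to %TEMP%, executable run) can be hunted for in endpoint telemetry. The following is an added example, not code from Talos or from this article: it correlates simplified Sysmon-style FileCreate (Event ID 11) and ProcessCreate (Event ID 1) records, and the field names, host names, file names, the 10-minute window and the assumption that WINWORD.EXE itself writes the file are all constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

OFFICE = {"winword.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events (not from a real incident); fields loosely follow
# Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate).
EVENTS = [
    {"id": 11, "time": "2017-11-02T09:14:03", "host": "WS-01",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "target": r"C:\Users\alice\AppData\Local\Temp\qx7f3a.exe"},
    {"id": 1, "time": "2017-11-02T09:14:05", "host": "WS-01",
     "image": r"C:\Users\alice\AppData\Local\Temp\qx7f3a.exe",
     "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    # Benign: Word writes a temp working file, nothing executes from Temp.
    {"id": 11, "time": "2017-11-02T10:01:00", "host": "WS-02",
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "target": r"C:\Users\bob\AppData\Local\Temp\~DF12.tmp"},
    # Benign: installer run from Temp, but not dropped by Word.
    {"id": 1, "time": "2017-11-02T11:30:00", "host": "WS-02",
     "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

def in_temp(path):
    """True if the file sits under a directory named Temp (user or system)."""
    parts = [p.lower() for p in ntpath.normpath(path).split("\\")]
    return "temp" in parts[:-1]

def find_macro_drops(events):
    """Return (host, path) for executables Word wrote to Temp that then ran."""
    dropped, hits = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        proc = ntpath.basename(ev["image"]).lower()
        if ev["id"] == 11 and proc in OFFICE:
            target = ev["target"].lower()
            if in_temp(target) and target.endswith(".exe"):
                dropped[(ev["host"], target)] = when
        elif ev["id"] == 1:
            key = (ev["host"], ev["image"].lower())
            if key in dropped and when - dropped[key] <= WINDOW:
                hits.append((ev["host"], ev["image"]))
    return hits

if __name__ == "__main__":
    for host, path in find_macro_drops(EVENTS):
        print(f"ALERT {host}: Word-dropped executable ran from Temp: {path}")
```

Because the dropped file's name is hard to recognize, the rule keys on who wrote the file and where it ran from rather than on the name itself.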
Panda Trojan currently targets users located in Sweden, India, Australia and Saudi Arabia
It has been found that the new Zeus Trojan variant is currently targeting Swedish, Indian, Australian, and Saudi Arabian users. The aims of its developers are not clear, but it’s easy to guess that they are not going to restrict the distribution of the malware.
Even now, some of the keywords revealed by Talos are rather universal, for example, “free online books for bank clerk exam” or “how to cancel a cheque commonwealth bank.”
What makes the Zeus Panda Trojan campaign the most prolific and dangerous is the fact that the malware does not have an interface and features a well-developed self-destruction mechanism. In other words, it does not let the user of the infected PC understand that the Trojan is on board.
Besides, to prevent detection and analysis, the Panda virus checks the system before execution and runs only if the environment passes its checks. By checking for a virtual environment, the malware prevents itself from running on virtual machines.
The fact that devices based in Russia, Belarus, Ukraine and Kazakhstan are bypassed by the newest version of the banking Trojan has aroused various speculations about its origin. Upon installation, it checks the keyboard mapping, and if it matches any of the above-mentioned countries, Zeus Panda destroys itself automatically.
The malware is hard to detect
The Panda variant of the Zeus Trojan does not exhibit destructive behavior, which makes it difficult or practically impossible to detect. If the victim does not use a professional anti-malware tool, or the tool is out of date, the Trojan may steal the victim’s personal information for quite a long time.
According to security experts, most reputable anti-malware programs are capable of recognizing the Zeus Panda Trojan code. Therefore, it’s advisable to install the latest definitions for your security tool and keep your guard up.
Finally, be cautious about the content you click on when browsing. If you notice a suspicious link that contains typos, or enter a website that causes a series of redirects and urges you to download PDF or Word files, we would strongly recommend bypassing the link or closing the site immediately unless you are one hundred percent sure that it is secure.