We have discussed the infamous Zeus family of malware and its numerous variants many times on Naked Security, including identifying the introduction of the Necurs rootkit into the Gameover variant, putting the Citadel variant under the microscope, and a technical paper analyzing the original Zeus.
These versions of Zeus and many more continue to plague netizens across the globe, stealing vast quantities of data and costing individuals and institutions huge amounts of money.
I will be giving a presentation at SOURCE Dublin this week that demonstrates the process of extracting useful information from a variety of key Zeus variants including Citadel, Gameover and IceIX.
Our SophosLabs threat researchers had four papers accepted for the Virus Bulletin 2014 conference in Seattle coming up in September. We’ll be there, alongside the best minds in the security industry.
SophosLabs researchers will share their discoveries and analysis of some cutting-edge topics, including Android malware, kernel rootkits, and new strategies used by malware to evade detection and capture by sandboxing.
We often talk about inanimate things as if they live and die — maybe to feel better about them having power over us. Just look at Windows XP, which is now on extended life support until Microsoft finally pulls the plug in April, and which critics would gladly see die.
On Patch Tuesday in April, Microsoft will officially end support for the aging Windows XP with its final security patch. But with millions of people still relying on this long-in-the-tooth operating system, will it live on even after Microsoft has essentially killed it off?
Along these same lines, one of our superb researchers at SophosLabs recently discovered a new variant of the Gameover banking Trojan that borrows code from a rootkit in order to stay hidden, making it much harder to kill. And when it comes to matters of crime and punishment, some cybercriminals are finding that their malicious code will live long after they have gone away.
A variant of the Gameover banking malware has a newly discovered rootkit element that works to conceal and protect the malware files on disk and in memory, making it harder to find and remove once the malware is active, according to new research from SophosLabs.
Rootkits are a type of malware designed to gain administrator privileges on infected computers, allowing attackers to modify processes that would otherwise clean up the malware. In Gameover’s case, the addition of code from a crafty rootkit called Necurs means it just became a whole lot harder to fend off. And that means the Gameover gang will have an easier time stealing data from its victims.