PLXsert warns Fortune 500 companies of evolving Zeus threat

The Zeus crimeware kit is being used to target SaaS and PaaS infrastructure.

After observing several related attacks throughout the past year against Fortune 500 companies, Akamai's Prolexic Security Engineering & Response Team (PLXsert) issued an advisory on Tuesday warning of an evolving, high-risk Zeus crimeware kit threat.

Zeus is still being used for its initial purposes – as a remote harvester of data, such as financial information – but has transformed over time to enable distributed denial-of-service attacks, cryptocurrency mining, and spam delivery, according to the advisory.

The infamous trojan is also being used to orchestrate customized attacks against cloud-based applications through platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures, which have been prime targets for attackers dating back to the second quarter of 2013, David Fernandez, head of PLXsert, told SCMagazine.com in a Thursday email correspondence.

“The main infection vectors are drive-by downloads and phishing campaigns, where users are misled to click and execute malicious code,” Fernandez said, explaining that multiple attacker groups are at work here. “Leaked source code enables any actor to utilize this kit.”

Earlier this month, the Federal Bureau of Investigation and the U.S. Department of Justice announced a multinational effort that resulted in disruption of the Gameover botnet, a variant of Zeus believed to have been used to steal millions of dollars around the world.

The recent takedown of Gameover Zeus “certainly helps, but unfortunately does not eliminate the threat,” Fernandez said. “Universal clean-up efforts by organizations and security awareness training for all employees can drastically reduce this threat.”
