PLXsert warns Fortune 500 companies of evolving Zeus threat

Share this article:
Fraudsters have targeted gaming platform Steam by using man-in-the-browser style attacks.
The Zeus crimeware kit is being used to target SaaS and PaaS infrastructure.

After observing several related attacks throughout the past year against Fortune 500 companies, Akamai's Prolexic Security Engineering & Response Team (PLXsert) issued an advisory on Tuesday warning of an evolving, high-risk Zeus crimeware kit threat.

Zeus is still being used for its initial purposes – as a remote harvester of data, such as financial information – but has transformed over time to enable distributed denial-of-service attacks, cryptocurrency mining, and spam delivery, according to the advisory.

The infamous trojan is also being used to orchestrate customized attacks against cloud-based applications through platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures, which have been prime targets for attackers dating back to the second quarter of 2013, David Fernandez, head of PLXsert, told SCMagazine.com in a Thursday email correspondence.

“The main infection vectors are drive-by downloads and phishing campaigns, where users are mislead to click and execute malicious code,” Fernandez said, explaining multiple attacker groups are at work here. “Leaked source code enables any actor to utilize this kit.”

Earlier this month, the Federal Bureau of Investigation and the U.S. Department of Justice announced a multinational effort that resulted in disruption of the Gameover botnet, a variant of Zeus believed to have been used to steal millions of dollars around the world.

The recent takedown of Gameover Zeus "certainly helps, but unfortunately does not eliminate the threat,” Fernandez said. “Universal clean-up efforts by organizations and security awareness training for all employees can drastically reduce this threat.”

Share this article:

Sign up to our newsletters

More in News

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to ...

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.