PLXsert warns Fortune 500 companies of evolving Zeus threat

Share this article:
Fraudsters have targeted gaming platform Steam by using man-in-the-browser style attacks.
The Zeus crimeware kit is being used to target SaaS and PaaS infrastructure.

After observing several related attacks throughout the past year against Fortune 500 companies, Akamai's Prolexic Security Engineering & Response Team (PLXsert) issued an advisory on Tuesday warning of an evolving, high-risk Zeus crimeware kit threat.

Zeus is still being used for its initial purposes – as a remote harvester of data, such as financial information – but has transformed over time to enable distributed denial-of-service attacks, cryptocurrency mining, and spam delivery, according to the advisory.

The infamous trojan is also being used to orchestrate customized attacks against cloud-based applications through platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures, which have been prime targets for attackers dating back to the second quarter of 2013, David Fernandez, head of PLXsert, told SCMagazine.com in a Thursday email correspondence.

“The main infection vectors are drive-by downloads and phishing campaigns, where users are mislead to click and execute malicious code,” Fernandez said, explaining multiple attacker groups are at work here. “Leaked source code enables any actor to utilize this kit.”

Earlier this month, the Federal Bureau of Investigation and the U.S. Department of Justice announced a multinational effort that resulted in disruption of the Gameover botnet, a variant of Zeus believed to have been used to steal millions of dollars around the world.

The recent takedown of Gameover Zeus "certainly helps, but unfortunately does not eliminate the threat,” Fernandez said. “Universal clean-up efforts by organizations and security awareness training for all employees can drastically reduce this threat.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.