Fraudster mistakenly spreads Ramnit via Zeus toolkit

When researchers saw that a Zeus admin panel was infected, they initially believed fraudsters were sabotaging one another. But after digging further into the incident, they determined that a cybercriminal had unknowingly uploaded the admin panel from a personal computer infected with malware.

On Monday, Lior Ben-Porat of RSA FirstWatch, blogged about the case, writing that the Zeus Robot admin panel, called Zeus Panther, had an “unusual add-on” – more specifically, the well-known Ramnit worm.

“On further analysis, our researchers determined that this infection file is actually an instance dating from mid-2013 of a Ramnit worm, and one of the main functionalities of the worm is to add the VBS code to all HTML files found on the system,” Ben-Porat said, which could potentially allow outsiders to update and reconfigure the botnet control panel or identify an operator's malware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.