A new version of the notorious Zeus banking trojan was found to be lurking with software-as-a-service (SaaS) applications.
Cyber security is an ever evolving area and as all new threats follow. Several of these stand out as advanced, and one of these is the trojan Zeus.
The malicious software of the Zeus family is known for its attacks on financial and banking businesses. OR Symantec christened it the "king of bots" and as mentioned above, it targets mainly financial institutions, often injecting malicious content into bank link websites in order to fool users and give them their account credentials.
However, a recent attack has revealed a turning point in the history of malware. Instead of seeking financial details, the new version of Zeus targets Software-as-a-Service (SaaS). According to the researchers security Adallom, (an application security company SaaS, a few weeks ago, a new variant of Zeus, was discovered to target Salesforce.com user certifications.
In a publication, the Adallom Labs team said that the Zeus variant uses malware "mines" that record certain computer activities, and filter the data της εταιρείας. Το κακόβουλο λογισμικό ανακαλύφθηκε από ένα εργαζόμενος που εκτελούσε προφανώς εκατοντάδες προβολές σε σύντομο χρονικό διάστημα. Η ασυνήθιστη συμπεριφορά των ιστοσελίδων κίνησε την περιέργεια του χρήστη, ο οποίος χρησιμοποιούσε τα αρχαία Windows XP και μια παλιό έκδοση του Internet Explorer which was long overdue.
Further review of the site revealed its variation trojan Zeus, W32 / Zbot. The malware waited for the user to connect to it domain *.My.salesforce.com to intercept his login data.
"This is the first incident we've seen of this powerful, if outdated, weapon now being targeted against enterprise SaaS application accounts, exposing the inability of existing security controls to detect attacks outside the perimeter of the company" report the researchers.