Online criminals are moving on from Zeus

Bugat is harder to detect
Wed Oct 13 2010, 13:43

CYBER CRIMINALS ARE BRANCHING OUT in their botnet zombie attacks with a stronger version of the malware called Bugat that's harder to detect than the Zeus Trojan.

Insecurity researcher Trusteer claims it has found an upgraded version of the Bugat Trojan. Bugat does not yet have the rockstar popularity of the Zeus Trojan and of course that's part of the problem.

Bugat was used instead of Zeus to zombify systems and pilfer the personal details of users in a recent LinkedIn phishing attack.

It's not that Bugat is harder to detect but Zeus has created awareness. People have been looking out for Zeus attacks since 80 people were arrested recently in a huge Eastern European centred botnet phishing and keylogging scam.

Trusteer says that the popularity of Zeus has led to cyber criminals looking at other attack tools for the job.

Bugat has been around the block before but Trusteer is warning punters by saying the latest Bugat versions are part of an "arms race". That's always the case, of course, but it helps to remind people every once in a while, apparently.

"Criminals are stepping up their malware distribution efforts by continuously updating configurations of well known malware like Zeus, and using new versions of less common Trojans like Bugat, to avoid detection," said Mickey Boodaei, CEO of Trusteer.

The Bugat Trojan malware isn't really any different from Zeus, Clampi and Gozi. Bugat injects exe data into browsers, specifically Internet Explorer and Firefox, then steals users' banking information to enable the botnet herders to perform dodgy online banking transactions.

When Bugat was used in a recent phishing scam, LinkedIn users received hooky email reminders with a dodgy URL link. Once clicked on, a Java applet installed the Bugat exe. µ

 
