HackRead
Zues Malware on Facebook steals money and bank details from accounts once clicked

June 9th, 2013 | Waqas | Malware

Malware spreading through Facebook is capable of emptying your bank account, and of spreading to your contacts so it can do the same to theirs, once its link is clicked.

With the increased activity and wide variety of malware hitting the IT industry, the infamous info-stealer ZeuS/ZBOT is back in new versions. Trend Micro predicted that old malware families and variants would return to the cybercrime scene with new and dangerous refinements to their arsenal. The first quarter of this year has borne that out, with threats such as the Andromeda botnet and CARBERP.


According to feedback data from the Trend Micro Smart Protection Network, one old threat whose activity has increased considerably over the last few months is ZeuS/ZBOT.

Trend Micro's detection chart shows that ZBOT variants surged at the start of February this year and have remained active through the present month, peaking in mid-May 2013. These classic but improved malware variants are built to steal user data such as online credentials, banking details and other personal information that should be kept confidential.


ZBOT: Old Versions vs. New Versions

Earlier ZBOT versions created a folder inside the %System% folder to store stolen data and credentials along with the configuration files. ZBOT versions also modify the Windows hosts file to block users from reaching security-related websites; the strings appended to the hosts file are found in the downloaded configuration file. Earlier versions included TSPY_ZBOT.XMAS and TSPY_ZBOT.SMD.
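One practical check that follows from the hosts-file behaviour described above is to audit the hosts file for any mapping of a security-vendor or update domain, since a stock Windows hosts file maps nothing but localhost. The script below is an added example and is not Trend Micro's or HackRead's code; the watch list, the sample hosts content and the thresholds are constructed for illustration, and only the hosts path is the standard Windows location.

```python
"""Audit a Windows hosts file for entries that hijack security-related
domains, as the downloaded ZBOT configuration does.

Added example (not Trend Micro's or HackRead's code). The watch list and the
sample hosts content are constructed; the hosts path is the standard one.
"""
import ipaddress
from typing import List, Tuple

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed watch list of registered domains a hosts-file hijack would aim
# at. Extend it with the vendors and update services your estate relies on.
WATCHED_DOMAINS = {
    "trendmicro.com", "symantec.com", "mcafee.com", "kaspersky.com",
    "microsoft.com", "windowsupdate.com", "avast.com", "avg.com",
}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, hostname) for every mapping in hosts-file text."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                               # not a valid mapping line
        for name in names:
            entries.append((n, ip, name.lower().rstrip(".")))
    return entries


def registered_domain(hostname: str) -> str:
    """Last two labels of a hostname; adequate for the vendor list above."""
    labels = hostname.split(".")
    return ".".join(labels[-2:])


def find_hijacks(text: str) -> List[Tuple[int, str, str]]:
    """Mappings for watched domains. Any such entry is suspicious: the
    address used (127.0.0.1, 0.0.0.0 or an attacker's server) changes the
    impact, not the verdict."""
    return [(n, ip, name) for n, ip, name in parse_hosts(text)
            if registered_domain(name) in WATCHED_DOMAINS]


def audit_file(path: str = HOSTS_PATH) -> List[Tuple[int, str, str]]:
    """Run the check against a real hosts file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


# Constructed sample: a stock Windows hosts file with ZBOT-style lines appended.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# (appended lines, as a downloaded ZBOT config would add them)
127.0.0.1 www.trendmicro.com
127.0.0.1 update.symantec.com  # comment after the mapping
0.0.0.0   download.mcafee.com
192.0.2.10 www.kaspersky.com
not-an-ip  bogus.example
"""

if __name__ == "__main__":
    for n, ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {n}: {name} -> {ip}")
```

On a live host, call audit_file() and treat any result as an indicator worth a closer look at %System% and %Application Data%; the same parser can be pointed at a hosts file pulled from a disk image during forensics.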


Current versions instead create two folders inside the %Application Data% folder: one holds the ZBOT copy itself, the other holds encrypted data. TSPY_ZBOT.BBH is an example.


These current ZBOT versions are usually GameOver or Citadel variants. The mutex name in these versions is generated at random, which was not the case with the earlier versions.

Both of these variants send DNS queries for randomly generated domain names. GameOver variants additionally open a UDP port through which they send encrypted packets alongside the DNS queries.
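The DNS behaviour above is the most visible network-side sign of these variants: a client querying a stream of long, high-entropy names that do not exist. The script below is an added example, not Trend Micro's or HackRead's code, showing how that pattern can be picked out of resolver logs. The log line format, the entropy and vowel thresholds and the sample lines are all constructed for illustration; a real deployment would tune the thresholds against its own traffic.

```python
"""Flag hosts whose DNS traffic looks like ZBOT/GameOver-style queries to
randomly generated domains.

Added example (not Trend Micro's or HackRead's code). The log format,
thresholds and sample lines are constructed for illustration.
"""
import math
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed log format: one query per line, as a resolver might export it.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) qtype=(?P<qtype>\w+) "
    r"name=(?P<name>\S+) rcode=(?P<rcode>\w+)$"
)

ENTROPY_MIN = 3.0        # bits per character; assumed threshold
VOWEL_RATIO_MAX = 0.25   # assumed threshold
MIN_LABEL_LEN = 8
NXDOMAIN_MIN = 3         # generated-looking NXDOMAINs per client before alerting


def shannon_entropy(s: str) -> float:
    """Shannon entropy of the characters in s, in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(name: str) -> str:
    """'xkqvzp3mlwqtb.com.' -> 'xkqvzp3mlwqtb', the label an algorithm generates."""
    labels = name.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def looks_generated(label: str) -> bool:
    """Heuristic for generated labels: long, high-entropy, few vowels."""
    if len(label) < MIN_LABEL_LEN:
        return False
    vowels = sum(ch in "aeiou" for ch in label)
    return (shannon_entropy(label) >= ENTROPY_MIN
            and vowels / len(label) < VOWEL_RATIO_MAX)


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """(client, name, rcode) for a well-formed line, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("client"), m.group("name"), m.group("rcode")


def find_dga_clients(lines: List[str]) -> Dict[str, int]:
    """Return {client: count} for clients whose generated-looking NXDOMAIN
    queries reach NXDOMAIN_MIN. Only NXDOMAIN answers are counted: a
    random-looking name that resolves is the rare live C&C domain, while the
    bulk of the traffic is to names nobody registered."""
    counts: Dict[str, int] = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        client, name, rcode = parsed
        if rcode == "NXDOMAIN" and looks_generated(second_level_label(name)):
            counts[client] += 1
    return {c: n for c, n in counts.items() if n >= NXDOMAIN_MIN}


# Constructed sample: 10.0.0.5 behaves like an infected host, 10.0.0.7 does not.
SAMPLE_LOG = """\
2013-05-12T10:01:02 10.0.0.5 qtype=A name=xkqvzp3mlwqtb.com rcode=NXDOMAIN
2013-05-12T10:01:03 10.0.0.5 qtype=A name=pfzrhwqdjkxvn.net rcode=NXDOMAIN
2013-05-12T10:01:04 10.0.0.5 qtype=A name=qwtzkvbnmlpsd.org rcode=NXDOMAIN
2013-05-12T10:01:05 10.0.0.5 qtype=A name=zvxkqpwtrlnmb.biz rcode=NXDOMAIN
2013-05-12T10:01:06 10.0.0.5 qtype=A name=hjdkwpqzxvtbn.com rcode=NOERROR
2013-05-12T10:01:07 10.0.0.5 qtype=A name=www.facebook.com rcode=NOERROR
2013-05-12T10:02:01 10.0.0.7 qtype=A name=www.facebook.com rcode=NOERROR
2013-05-12T10:02:02 10.0.0.7 qtype=A name=mail.google.com rcode=NOERROR
2013-05-12T10:02:03 10.0.0.7 qtype=A name=cdn.trendmicro.com rcode=NOERROR
2013-05-12T10:02:04 10.0.0.7 qtype=A name=update.microsoft.com rcode=NXDOMAIN
garbage line that does not parse
""".splitlines()

if __name__ == "__main__":
    for client, n in find_dga_clients(SAMPLE_LOG).items():
        print(f"{client}: {n} generated-looking NXDOMAIN queries")
```

The entropy and vowel heuristics are deliberately simple and will miss dictionary-word generators; pairing the NXDOMAIN count with the UDP traffic mentioned above for GameOver variants narrows the alert further.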


How do they Work to Steal Credentials?

ZBOT connects to a remote site to download its encrypted configuration file.

Once decrypted, the configuration file contains:

  • The site from which an updated or modified copy of the configuration file can be downloaded.
  • A list of domain names of websites to be monitored.
  • The site to which the stolen data is sent.

Source & Images Via: Trend Micro
