U.S. and international law enforcement may have stymied the Gameover Zeus malware criminal enterprise with a series of arrests and seizures last week, but the threats of the highly malleable Zeus framework -- sometimes called malware-as-a-service -- continue, according to cyber security firm Prolexic.
In a statement, the Prolexic Security Engineering & Response Team said it has "observed new payloads from the Zeus crimeware kit in the wild." Per the statement:
Over the years, the Zeus framework has evolved from focusing on the harvesting of banking credentials to being used in the control of hosts (zombies) for many types of crime, including customized attacks to target specific platform-as-a-service (PaaS) and software-as-a-service (SaaS) infrastructures of Fortune 500 enterprises.
Using the Zeus kit, attackers can scoop up user names and passwords as they are entered into a web browser on an infected PC or tablet, according to the company, which was bought by Akamai late last year. Attackers can also insert new fields into what looks like a legitimate web form from a bank to trick the user into supplying additional data -- including PIN numbers -- that should not be divulged.
Security expert and blogger Brian Krebs described how Gameover Zeus differs from traditional botnets, in which infected devices are controlled by a central server, which makes them vulnerable to seizures and shutdowns of that server. Instead, Gameover Zeus -- the subject of last week's crackdown -- is a peer-to-peer botnet that is trickier to eliminate because it is so decentralized. Check out Krebs' interview with two (unnamed) security specialists who helped hijack the Gameover.