Case study on Zeus banking trojan
hello!
I am Shaik Anisa
DEPT : CSE-B
RRN: 180071601113
contents of presentation
✘ Introduction
✘ Case study
✘ What does Zeus Malware do to Computers?
✘ How does it work?
✘ Types of data targeted by Zeus
✘ Impact of Zeus
✘ Detection of ZeuS
✘ Protection
✘ Conclusion
✘ References
introduction
✘ With the rise of widespread broadband Internet access, malware has emerged as the
primary vehicle for organized cybercrime.
✘ Most malware is now geared towards profit and financial gain, which has led to
increased attacks on banking and financial systems.
✘ Zeus (also known as Zbot, Kneber, PRG, NTOS, Wsnpoem and Gorhax) is a crimeware
kit designed to steal banking information and credentials.
✘ It is used by cyber criminals across the globe to steal users' online banking
details as well as other important credentials. At its peak, Zeus was estimated (by
the security company Trusteer) to account for some 44% of banking malware infections.
“I didn’t invent forensic science and medicine. I just was one of the people to
recognize how interesting it is.”
- Patricia Cornwell
Case study: What Happened in Kentucky?
Overview of the case
✘ The county treasurer had ZeuS malware on his PC.
✘ Criminals stole his credentials and logged in to the county's bank accounts
through the treasurer's PC.
• Reconnaissance was used to plan the theft
• Money mules were recruited via Careerbuilder.com
• The mules were entered into the bank's system as fictitious county employees
• Each mule received $9,700 and sent $8,700 to Ukraine via Western Union
✘ The transactions were wire transfers
✘ A total of $415k was stolen
Background: why the theft worked
Two features of Zeus made the attack possible:
1. Stolen credentials are sent to the attackers immediately (via instant message
in this case).
2. More interestingly, Zeus can open a direct connection (a back-connect proxy)
between the infected Microsoft Windows system and the attackers, allowing them to
log in to the victim's bank account through the victim's own Internet connection.
3. Because the fraudulent logins came from the victim's own PC and IP address, they
looked like the customer's normal activity and raised no suspicion at the bank.
Forensic Investigation Report
✘ The attackers got the Zeus Trojan onto the county treasurer's PC by a route that
was never established, and used it to steal the username and password the treasurer
needed to access e-mail and the county's bank account.
✘ Once logged in, the criminals changed the password and the e-mail address tied
to the account of the county judge, the second official whose approval the bank
required for a batch of wire transfers.
✘ They then created several fictitious county employees and submitted a batch of
wire transfers to those individuals for approval.
✘ The bank sent a one-time passphrase for the batch to the judge's e-mail address,
which now belonged to the attackers. They retrieved the passphrase from the e-mail,
logged in again with the judge's new credentials and the one-time passphrase, and
approved the transfers.
The Role of the Money Mules: Scammed Into Serving
✘ The two mules interviewed were women under the age of 35 who were contacted
after posting their resumes on Careerbuilder.com. Each received e-mails from a
company calling itself Fairlove Delivery Service. Both agreed to speak with
Security Fix on condition of anonymity.
✘ They were hired by Fairlove to edit documents for grammar and flow, and were
promised $8 for each kilobyte of text they processed (the original scam e-mail is
reproduced in the Security Fix article). The documents they were asked to edit
were often full of grammatical errors and faulty or missing punctuation; both
mules said that whoever wrote the letters appeared not to be a native English
speaker.
Zeus
✘ Zeus was first identified in 2007, when it was used to steal information from
the United States Department of Transportation, and has evolved over time. Its
ease of use has made it an ideal tool for even novice criminals to steal banking
information from individuals or customer data from servers. Because the kit is
openly traded in underground forums, it has become widespread and is now
distributed by multiple, unrelated groups.
✘ In 2009, Zeus was found to have compromised over 74,000 FTP accounts on the
websites of companies such as Bank of America, NASA, Monster, ABC, Oracle, Cisco,
Amazon, and BusinessWeek.
What does Zeus Malware do to Computers?
Zeus can do a variety of things once it infects a system, but its functionality has
two main parts:
• It enrols the machine in a botnet: infected PCs are managed as a group, without
their owners' knowledge, by a command-and-control server operated by the botnet's
owner. The botnet lets the operator harvest massive amounts of data or run
large-scale attacks.
• It recognises when the user is on a banking website and captures the credentials
used to log in (by keystroke logging, form grabbing and injecting extra fields into
the bank's pages). Although the original Zeus has largely been neutralised, the
Trojan lives on: its components are reused in a large number of newer malware
families.
HOW DOES IT WORK?
How does it spread?
✘ Drive-by downloads
• A drive-by download happens when the user visits a compromised or malicious
website or clicks a misleading pop-up window.
• It usually exploits outdated systems with unpatched security flaws, so the
infection needs no further action from the user.
✘ Spam campaigns
• The user receives an e-mail message that appears to come from a well-known
organization, with some false banking information attached or a link included in
the e-mail.
• Once the user clicks the link or opens the attached file, the system is infected.
Types of data being targeted by ZeuS
Fig: Sample of banking information collected from an infected system.
Fig: Sample of banking transaction information collected from an infected system.
Fig: Screenshot of a forum user posting account usernames and passwords to
demonstrate that the stolen ZeuS database file contains valuable data.
Impact of Zeus
✘ Financial damage
• According to the security company Trusteer, Zeus alone accounted for 44% of all
banking malware infections. Many cases involve SMBs that have had large sums
transferred out of their accounts without their knowledge.
✘ Damage to goodwill
• Such incidents cause a major loss of reputation and bad publicity for the bank,
as well as a loss of confidence among customers, who move their accounts to other
banks. Since trust is fundamental to banking institutions, such incidents lead to
decreased growth.
Zeus has been responsible for millions of infected PCs. In one campaign
("Eurograbber", reported by Check Point and Versafe in 2012), a criminal gang
wielding a version of Zeus with a mobile component (Zeus-in-the-Mobile, which
intercepts the SMS transaction codes banks send to customers' phones) stole an
estimated 36 million euros, or $47 million, from more than 30,000 corporate and
private banking customers.
Fig: Top 10 Most Dangerous Malware That Can Empty Your Bank Account
(source: https://heimdalsecurity.com/blog/top-financial-malware/)
Detection of ZeuS
ZeuS 1.x builds drop a fixed set of files; where they land depends on whether the
infected account had administrator rights.
✘ With Administrator rights:
%systemroot%\system32\sdra64.exe (the malware executable)
%systemroot%\system32\lowsec\ (hidden folder for its data files)
%systemroot%\system32\lowsec\user.ds (encrypted stolen data file)
%systemroot%\system32\lowsec\user.ds.lll (temporary file for stolen data)
%systemroot%\system32\lowsec\local.ds (encrypted configuration file)
✘ Without Administrator rights:
%appdata%\sdra64.exe
%appdata%\lowsec\
%appdata%\lowsec\user.ds
%appdata%\lowsec\user.ds.lll
%appdata%\lowsec\local.ds
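As an added example (not part of the presentation), the following Python checks a host for the ZeuS 1.x artifacts listed above and for the persistence mechanism those builds used, which the slide does not list: appending sdra64.exe to the Winlogon Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The filesystem roots and the Userinit string are passed in so the check can run over a mounted disk image or exported registry data; demo() builds a constructed directory tree, not a real infected system.

```python
# Added example, not from the original presentation. Checks a Windows host
# (or a mounted image) for the ZeuS 1.x file artifacts listed on the slide
# and for the Userinit persistence entry those builds added; demo() uses a
# constructed directory tree, not a real infected system.
import os
import shutil
import tempfile

# Paths relative to %systemroot%\system32 (admin) or %appdata% (non-admin).
ZEUS_ARTIFACTS = [
    "sdra64.exe",                            # the bot executable
    "lowsec",                                # hidden folder for its data files
    os.path.join("lowsec", "user.ds"),       # encrypted stolen data
    os.path.join("lowsec", "user.ds.lll"),   # temporary stolen-data file
    os.path.join("lowsec", "local.ds"),      # encrypted configuration
]


def scan_roots(system32, appdata):
    """Return every listed artifact that exists under either root."""
    hits = []
    for root in (system32, appdata):
        for rel in ZEUS_ARTIFACTS:
            path = os.path.join(root, rel)
            if os.path.lexists(path):        # lexists: a dangling link still counts
                hits.append(path)
    return hits


def userinit_suspicious(value):
    """True if Winlogon\\Userinit runs anything besides userinit.exe.

    A clean value is "C:\\Windows\\system32\\userinit.exe,"; ZeuS 1.x
    appended "C:\\Windows\\system32\\sdra64.exe," to it."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    return any(not e.endswith("\\userinit.exe") and e != "userinit.exe"
               for e in entries)


def demo():
    """Build a throwaway tree mimicking an admin-level infection and scan it."""
    base = tempfile.mkdtemp()
    sys32, appdata = os.path.join(base, "system32"), os.path.join(base, "appdata")
    os.makedirs(os.path.join(sys32, "lowsec"))
    os.makedirs(appdata)                     # clean: nothing dropped here
    for rel in ("sdra64.exe", os.path.join("lowsec", "user.ds"),
                os.path.join("lowsec", "local.ds")):
        open(os.path.join(sys32, rel), "wb").close()
    try:
        hits = sorted(os.path.relpath(h, sys32).replace(os.sep, "/")
                      for h in scan_roots(sys32, appdata))
    finally:
        shutil.rmtree(base)
    userinit = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
    return hits, userinit_suspicious(userinit)
```

On a live host you would pass the real %systemroot%\system32 and %appdata% paths and read Userinit with winreg (or reg query). Two caveats: legitimate software occasionally appends itself to Userinit, so a hit there is a lead for review rather than proof of infection, and later ZeuS 2.x builds randomise their file and folder names, so these fixed paths only catch the older family.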
PROTECTION of endpoints
✘ For individual users:
• Avoid suspicious websites
• Be careful when opening e-mails or attachments from unknown sources
• Back up your files regularly
• Keep pop-up blockers enabled
• Keep your operating system and antivirus software up to date
✘ For businesses:
• Implement stringent controls on privileged accounts, and require out-of-band
confirmation for changes to approvers' passwords and contact details
• Have a proper data backup and recovery plan
• Make sure all corporate-connected devices are up to date
Top 5 victim countries affected by Zeus
• Mexico
• Egypt
• Saudi Arabia
• Turkey
• USA
conclusion
ZeuS is among the most significant banking malware families ever seen. The scope
of the threat from ZeuS and its derivatives has grown as the functionality of its
toolkit has expanded. Mobile malware is a new frontier, and the growth in mobile
devices means growth in mobile botnets. All Internet and mobile device users are
potential targets, and the threat will increase as malware continues to extend in
functionality, availability and ease of use. Organizations need to understand that
ZeuS-derived malware is still out there and take steps to protect their finances
and sensitive information.
References
✘ Internet Crime Complaint Center (IC3), “2009 Internet Crime Report”.
✘ https://www.networkworld.com/article/2226723/us-takes-out-gang-that-used-zeus-malware-to-steal-millions.html
✘ www.unisys.com
✘ https://enterprise.comodo.com/blog/what-is-zeus-malware/
✘ Adham, M., Azodi, A., Desmedt, Y., & Karaolis, I. (2013). How to Attack Two-Factor
Authentication Internet Banking. In A.-R. Sadeghi (Ed.), Financial Cryptography and
Data Security (pp. 322-328). Springer Berlin Heidelberg.
✘ https://econinfosec.org/archive/weis2014/papers/Tajalizadehkhoob-WEIS2014.pdf
✘ https://ieeexplore.ieee.org/abstract/document/7345443
thanks!
Any questions?
28

More Related Content

What's hot

Web Security
Web SecurityWeb Security
Web SecurityADIEFEH
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware AnalysisAlbert Hui
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisAhmed Banafa
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Futurekaranwayne
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Android Malware Detection Mechanisms
Android Malware Detection MechanismsAndroid Malware Detection Mechanisms
Android Malware Detection MechanismsTalha Kabakus
 

What's hot (20)

Web Security
Web SecurityWeb Security
Web Security
 
Basic Malware Analysis
Basic Malware AnalysisBasic Malware Analysis
Basic Malware Analysis
 
Zero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic AnalysisZero-Day Vulnerability and Heuristic Analysis
Zero-Day Vulnerability and Heuristic Analysis
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITIS
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasures
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Deep web and dark web
Deep web and dark webDeep web and dark web
Deep web and dark web
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Android Malware Detection Mechanisms
Android Malware Detection MechanismsAndroid Malware Detection Mechanisms
Android Malware Detection Mechanisms
 

Similar to Study on Zeus Banking Malware

Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesAvinash Sinha
 
Dyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeDyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeSymantec
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBCapyn
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsDrPraveenKumar37
 
Computer virus
Computer virusComputer virus
Computer virussajeena81
 
Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Mohammad Ahmed
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxDhruvsinhbhati
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manualRoel Palmaers
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crimeDarshan Aswani
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime typeskiran yadav
 

Similar to Study on Zeus Banking Malware (20)

Web Security.pptx
Web Security.pptxWeb Security.pptx
Web Security.pptx
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Dyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud LandscapeDyre: Emerging Threat on Financial Fraud Landscape
Dyre: Emerging Threat on Financial Fraud Landscape
 
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant MaliRansomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant Mali
 
Sophos a-to-z
Sophos a-to-z Sophos a-to-z
Sophos a-to-z
 
csa2014 IBC
csa2014 IBCcsa2014 IBC
csa2014 IBC
 
Security Primer
Security PrimerSecurity Primer
Security Primer
 
Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)Eset cybersecurity awareness (laxman giri)
Eset cybersecurity awareness (laxman giri)
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
 
Computer virus
Computer virusComputer virus
Computer virus
 
Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)Cyber crimes (By Mohammad Ahmed)
Cyber crimes (By Mohammad Ahmed)
 
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptxCYBER SECURITY AWARENESS.pptx [Read-Only].pptx
CYBER SECURITY AWARENESS.pptx [Read-Only].pptx
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types  !Type of Malware and its different analysis and its types  !
Type of Malware and its different analysis and its types !
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 
cybersecurity and cyber crime
cybersecurity and cyber crimecybersecurity and cyber crime
cybersecurity and cyber crime
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime types
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Study on Zeus Banking Malware

  • 1. Case study on Zeus banking trojan
  • 2. hello! I am Shaik Anisa DEPT : CSE-B RRN: 180071601113 2
  • 3. contents of presentation ✘ Introduction ✘ Case study ✘ What does Zeus Malware do to Computers? ✘ How does it work? ✘ Types of data targeted by Zeus ✘ Impact of Zeus ✘ Detection of ZeuS ✘ Protection ✘ Conclusion ✘ References 3
  • 4. introduction ✘ With the rise of widespread broadband Internet access, malware has now emerged as the primary vehicle for organized cybercrime. ✘ Most malwares are now geared towards making profit and enabling financial gain. This has led to an increased attack on banking and financial systems. ✘ Zeus (also known as Zbot, Kneber, PRG, NTOS, Wsnpoem and Gorhax) is a crimeware kit designed to steal banking information and credentials . ✘ It is used by cyber criminals across the Globe, and is designed to steal users’ online banking details as well as other important credentials. Today, Zeus is estimated to account for some 44% of the banking malware infections 4
  • 5. “ I didn’t invent forensic science and medicine. I just was one of the people to recognize how interesting it is. -Patricia Cornwell 5
  • 6. Case study What Happened in Kentucky? 6
  • 7. Overview of the case ✘ County treasurer had ZeuS malware on his PC ✘ ƒ Criminals stole credentials and logged in to bank accounts from treasurer’s PC . • Reconnaissance used to plan theft • Mule recruitment via Careerbuilder.com • Created mules as fictitious employees • Mules receive $9700 and sent $8700 to Ukraine via Western Union ƒ ✘ Transactions were wire transfers ✘ Total of $415k stolen 7
  • 8. Background story….! 1. The first is that stolen credentials are sent immediately via instant message to the attackers. 2. The second more interesting feature, that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection. 3. By connecting through the victim's PC or Internet connection, the bad guys can avoid raising any suspicions.
  • 9. Forensic Investigation Report ✘ The attackers somehow got the Zeus Trojan on the county treasurer's PC, and used it to steal the username and password the treasurer needed to access e-mail and the county's bank account. ✘ Once logged in, the criminals changed the judge's password, as well as e-mail address tied to the judge's account. ✘ They then created several fictitious employees of the county and created a batch of wire transfers to those individuals to be approved. ✘ The attackers then retrieved the passphrase from the e-mail, and logged in again with the judge's new credentials and the one-time passphrase. 9
  • 10. The Role of the Money Mules - Scammed Into Serving ✘ Both were females under the age of 35 who initially were contacted after placing their resumes on Careerbuilder.com. Each received e- mails from a company calling itself Fairlove Delivery Service. Both women agreed to speak with Security Fix on the condition of anonymity. ✘ There were hired by Fairlove to edit documents for grammar and flow, and promised a pay of $8 for each kilobyte of data they processed (see the initial Careerbuilder scam e-mail here. The documents they were hired to edit often were full of grammatical errors and faulty or missing punctuation. Both money mules said it appeared that whoever wrote the letters was not a native English speaker. 10
  • 11. Zeus ✘ Zeus was first used in 2007 to steal information from the United States Department of Transportation, but has evolved over time. The ease of use of Zeus has made it an ideal tool for even novice hackers to easily steal the banking-related information from an individual or customer- related data from a server. Being freely traded in underground forums, it has become widely prevalent and is now being distributed by multiple, unrelated parties. ✘ Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek. 11
  • 12. What does Zeus Malware do to Computers? Zeus malware can do a variety of things once it affects a system, however, it actually has two main sections of functionality. • Primarily, it creates a botnet, it is managed as a group without the owners’ knowledge by a command and control server under the control of the malware’s owner. The botnet enables the owner to gather massive amounts of information or execute large-scale attacks. • The malware is designed to recognize when the user is on a banking website and records the keystrokes used to log in. Now, Zeus malware has been mainly neutralized, the Trojan lives on as its components are used in a large number of new and emerging malware. 12
• 13. HOW DOES IT WORK?
• 15. How does it spread? ✘ Drive-by downloads • A drive-by download happens when the user visits a compromised or malicious website or clicks a misleading pop-up window. • It usually exploits outdated software with known security flaws, so the infection needs no further action from the user. ✘ Spam campaigns • The user receives an e-mail that appears to come from a well-known organization, with false banking information attached or a link included in the message. • Once the user clicks the link or opens the attachment, the system is infected.
• 16. Here we can observe the difference!
• 17. Types of data being targeted by ZeuS. Fig: Sample of banking information collected from an infected system.
• 18. Fig: Sample of banking transaction information collected from an infected system.
• 19. The screenshot shows the same user posting account usernames and passwords in an attempt to prove that the stolen ZeuS database file contains valuable data.
• 20. Impact of Zeus ✘ Financial damage • According to the security company Trusteer, Zeus alone accounts for 44% of all banking malware infections. Many cases involve SMBs that have had large sums transferred out of their accounts without their knowledge. ✘ Damage to goodwill • Such incidents also cause a large loss of reputation and bad publicity for the bank, as well as a loss of confidence among customers, who move their accounts to other banks. Since trust is fundamental to banking institutions, such incidents lead to decreased growth.
• 21. Zeus has been responsible for millions of infected PCs. A criminal gang wielding a new version of Zeus designed for mobile devices stole an estimated 36 million euros, or $47 million, from more than 30,000 corporate and private banking customers.
• 22. Top 10 Most Dangerous Malware That Can Empty Your Bank Account. https://heimdalsecurity.com/blog/top-financial-malware/
• 23. Detection of ZeuS ✘ With Administrator rights:
%systemroot%\system32\sdra64.exe (malware)
%systemroot%\system32\lowsec\ (directory)
%systemroot%\system32\lowsec\user.ds (encrypted stolen data file)
%systemroot%\system32\lowsec\user.ds.lll (temporary file for stolen data)
%systemroot%\system32\lowsec\local.ds (encrypted configuration file)
✘ Without Administrator rights:
%appdata%\sdra64.exe
%appdata%\lowsec\
%appdata%\lowsec\user.ds
%appdata%\lowsec\user.ds.lll
%appdata%\lowsec\local.ds
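The file indicators on this slide can be turned directly into a host check. The script below is an added example, not part of the original presentation or of any vendor tool: it looks for the sdra64.exe / lowsec\ artifacts under the admin-level drop location (%systemroot%\system32) and the user-level one (%appdata% of each profile), and reports which privilege level the infection reached. The profile directory layouts in live_windows_roots() and the fake filesystem built by demo_infected_tree() are assumptions made so the example runs offline on any OS.

```python
"""IOC scan for the ZeuS 1.x file artifacts listed on the slide.

Run on a live Windows host, or point scan_host() at a mounted disk image
(systemroot = <mount>/Windows, appdata_dirs = the users' profile folders).
"""
import glob
import os
import tempfile
from pathlib import Path

# Artifact names from the slide, relative to the drop directory. ZeuS used the
# same names whether it ran with admin rights (%systemroot%\system32) or
# without (%appdata%); only the parent directory differs.
ZEUS_ARTIFACTS = (
    "sdra64.exe",          # the bot executable
    "lowsec",              # directory holding stolen data and config
    "lowsec/user.ds",      # encrypted stolen data
    "lowsec/user.ds.lll",  # temporary file for stolen data
    "lowsec/local.ds",     # encrypted configuration
)


def scan_root(root):
    """Return the artifact paths that exist under one drop directory."""
    root = Path(root)
    return sorted(str(root / rel) for rel in ZEUS_ARTIFACTS if (root / rel).exists())


def scan_host(systemroot, appdata_dirs):
    """Check the admin-level drop location (systemroot\\system32) and every
    user-level one (%appdata% of each profile). Hits are kept per privilege
    level so the analyst can tell what rights the bot obtained."""
    result = {"admin": [], "user": []}
    if systemroot:
        result["admin"] = scan_root(Path(systemroot) / "system32")
    for appdata in appdata_dirs:
        result["user"].extend(scan_root(appdata))
    result["user"].sort()
    return result


def verdict(result):
    """Summarise the scan: which privilege level the infection reached, if any."""
    if result["admin"]:
        return "infected (admin-level drop)"
    if result["user"]:
        return "infected (user-level drop)"
    return "clean"


def live_windows_roots():
    """Drop locations on the running Windows host. Assumption: user profiles
    live under the Vista+ layout (\\Users\\*\\AppData\\Roaming) or the XP-era
    layout (\\Documents and Settings\\*\\Application Data)."""
    systemroot = os.environ.get("SystemRoot")
    drive = os.environ.get("SystemDrive", "C:")
    appdata = glob.glob(drive + r"\Users\*\AppData\Roaming") + glob.glob(
        drive + r"\Documents and Settings\*\Application Data"
    )
    return systemroot, appdata


def demo_infected_tree():
    """Constructed sample: a fake filesystem with a user-level infection only.
    The planted files are stubs, not real ZeuS data."""
    base = Path(tempfile.mkdtemp(prefix="zeus_ioc_"))
    systemroot = base / "Windows"
    (systemroot / "system32").mkdir(parents=True)
    appdata = base / "Users" / "alice" / "AppData" / "Roaming"
    (appdata / "lowsec").mkdir(parents=True)
    (appdata / "lowsec" / "user.ds").write_bytes(b"\x00" * 16)  # constructed stub
    (appdata / "sdra64.exe").write_bytes(b"MZ")                 # constructed stub
    return systemroot, [appdata]


if __name__ == "__main__":
    sr, ad = live_windows_roots() if os.name == "nt" else demo_infected_tree()
    res = scan_host(sr, ad)
    for level, hits in res.items():
        for hit in hits:
            print(f"[{level}] {hit}")
    print(verdict(res))
```

A hit on any of these paths is strong evidence of a ZeuS 1.x infection, but a clean result is not proof of a clean host: later builds randomised the file and directory names, so this check should be one signal among several rather than the only one.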
• 24. PROTECTION of endpoints ✘ For individual users: • Never visit suspicious websites. • Be careful when opening e-mails or attachments from unknown sources. • Back up your files regularly. • Keep pop-up blockers enabled at all times. • Keep your operating system and antivirus software up to date. ✘ For businesses (corporates): • Implement stringent controls on privileged accounts. • Have a proper data backup and recovery plan. • Make sure all corporate-connected devices are kept up to date.
• 25. Top 5 victim countries affected by Zeus: Mexico, Egypt, Saudi Arabia, Turkey, USA
• 26. Conclusion ZeuS is the most significant banking malware in existence today. The threat from ZeuS and its derivatives has grown as the functionality of its toolkit has expanded. Mobile malware is a new frontier, and the rise in mobile devices means a rise in mobile botnets. All internet and mobile device users are potential targets, and the threat will increase as malware continues to gain functionality, availability and ease of use. Organizations need to understand that the Zeus Trojan is still out there and take steps to protect their finances and sensitive information.
• 27. References
✘ "2009 Internet Crime Report", Internet Crime Complaint Center (IC3)
✘ https://www.networkworld.com/article/2226723/us-takes-out-gang-that-used-zeus-malware-to-steal-millions.html
✘ www.unisys.com
✘ https://enterprise.comodo.com/blog/what-is-zeus-malware/
✘ Adham, M., Azodi, A., Desmedt, Y., & Karaolis, I. (2013). How to Attack Two-Factor Authentication Internet Banking. In A.-R. Sadeghi (Ed.), Financial Cryptography and Data Security (pp. 322-328). Springer Berlin Heidelberg.
✘ https://econinfosec.org/archive/weis2014/papers/Tajalizadehkhoob-WEIS2014.pdf
✘ https://ieeexplore.ieee.org/abstract/document/7345443