트렌드마이크로(TrendMicro), ZeuS/ZBOT Targets Russian Banks

세계적인 보안 업체인 트렌드마이크로(TrendMicro)에서 제우스봇(ZeuSBot)이 최근 러시아 은행을 타켓으로 잡고 있다는 분석결과를 공개하였다.

이런 지하조직은 언제쯤 없어질까.....!!

원문보기 : http://blog.trendmicro.com/zeuszbot-targets-russian-banks

While conducting research, I encountered a curious-looking new ZeuS/ZBOT sample using a very old toolkit version. I retrieved the sample two days ago. After some debugging/reversing, I found out that this specific sample targeted several banks around the globe, including Russian banks.

Here is a snippet listing down the targeted Russian banks and/or Yandex:

@*/login.osmp.ru/*
@*/atl.osmp.ru/*
@*/mylk.ru/*
https://www.telebank.ru/web/front/login.x/*TAN* *transactionID=* *
https://i.bank24.ru/confirm/payment.*TAN* *pincode=* *
*citibank.ru*

http://*citibank.ru*

*agent.e-port.ru/cp/lkan/lka.cp*
*client.mdmbank.ru/retailweb/login.asp

http://*.osmp.ru/

*rbkmoney.ru*
*light.webmoney.ru*
*money.yandex.ru*
*passport.yandex.ru*
*//mail.yandex.ru/index.xml
*//mail.yandex.ru/
*//money.yandex.ru/index.xml
*//money.yandex.ru/

This ZeuS/ZBOT sample also targeted banks found in Germany, the United States, the United Kingdom, Poland, the Netherlands, Italy, Spain, France, Belarus, Bulgaria, Australia, Ireland, the United Arab Emirates, Turkey, and New Zealand.

This is the first time I’ve seen ZeuS target Russian banks given that online banking is not so popular in Russia. I can recall a few ZeuS/ZBOT samples targeting Yandex services, but I definitely can’t recall anyone targeting MDM Bank or other online Russian banking systems.

Is this a sign? Are we going to see more ZeuS/ZBOT variants targeting this region once online banking becomes more popular in the country as in Western countries? If this is so, how much will the cybercriminals sell the information they will steal?

These are just some of the thought-provoking questions that, I guess, only the future can answer.

TrendLabs^SM has also documented previous yet interesting finds about ZeuS/ZBOT in the following entries:

• Fake News of Eminem’s Death Leads to Malware
• At a Glance: New ZeuS Variants
• ZeuS/ZBOT Tries Out File Infection

Read more: http://blog.trendmicro.com/zeuszbot-targets-russian-banks/#ixzz0ssL6oF5H