{"id":5476,"date":"2016-04-22T15:25:45","date_gmt":"2016-04-22T15:25:45","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5476"},"modified":"2020-02-26T19:00:27","modified_gmt":"2020-02-26T17:00:27","slug":"atmos-yet-another-zeus-variant-is-threatening-businesses","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/atmos-yet-another-zeus-variant-is-threatening-businesses\/5476\/","title":{"rendered":"Atmos: yet another ZeuS variant is threatening businesses"},"content":{"rendered":"<p>Cybersecurity researchers <a href=\"https:\/\/threatpost.com\/zeus-banking-trojan-resurfaces-as-atmos-variant\/117344\/\" target=\"_blank\" rel=\"noopener nofollow\">rang the alarm bells<\/a> about a new banking malware codenamed Atmos. This nasty creature tries to steal banking credentials from infected PCs, and then drops ransomware (namely, Teslacrypt) as a farewell \u201cgift\u201d.\u00a0What is most peculiar about this Trojan, however, is that it turns out to be a part of the infamous ZeuS strain of banking malware.<\/p>\n<p>ZeuS is a long-standing cybersecurity nemesis. It first surfaced back in 2007, becoming a AAA-level threat as its various revisions and modifications formed one of the largest, if not the largest, botnets on the Web. Back in 2013, it had infected an estimated 13 million PCs worldwide. Members of the associated cybercrime ring are rumored to have stolen up to $70 million using this Trojan.<\/p>\n<p>In 2010, the FBI conducted its first major crackdown against the Trojan. 
More than 100 people were arrested on charges of conspiracy to commit bank fraud and money laundering, over 90 in the U.S., and others in the UK and Ukraine; however, this didn\u2019t bring ZeuS\u2019 botnets down completely.<\/p>\n<p>In 2011, ZeuS\u2019 source code was \u201cleaked\u201d on the Web, allowing for the creation of numerous derivatives.<\/p>\n<p>In 2012, Microsoft\u2019s Digital Crimes Unit went in. Together with a number of partners from the financial services industry, it carried out Operation b71, a large operation that disrupted the largest ZeuS botnets at once. While the operation was a success, no one really expected to eradicate ZeuS completely.<\/p>\n<p>Later on, in 2014, a large number of major national and international law enforcement agencies, along with multiple security companies and academic researchers, carried out <a href=\"https:\/\/business.kaspersky.com\/hunting-the-hydra-why-gameover-zeus-botnet-is-here-to-stay\/2265\/\" target=\"_blank\" rel=\"noopener nofollow\">Operation Tovar<\/a>, an effort of truly epic proportions, in order to bring down botnets created by Gameover ZeuS, a successor to the original ZeuS. The operation was at least partially successful: communications between Gameover ZeuS and its C&amp;C servers were cut off temporarily. The cybercriminals\u2019 attempts to send a copy of their database to a safe location were intercepted by the cybercrime fighters.<\/p>\n<p>Gameover ZeuS was especially problematic since it not only stole credentials but also dropped ransomware (then the dreaded <a href=\"https:\/\/business.kaspersky.com\/cryptolocker-and-its-consequences-for-businesses\/3491\/\" target=\"_blank\" rel=\"noopener nofollow\">Cryptolocker<\/a>). 
As part of dismantling Gameover\u2019s network, crime fighters managed to obtain keys which allowed any of the 500,000 Gameover victims to unlock their files.<\/p>\n<p>But what\u2019s with ZeuS? Its creator is apparently still at large, as are the owners of Gameover, Chthonic (yet another derivative), and many others. The source code of ZeuS is still being upgraded and improved, and new malware is being built upon the original code, using just some parts of it.<\/p>\n<p>Web injects are one such part, and they still prove to be very usable and useful to cybercriminals. Atmos may be different from the original ZeuS in many regards, but it does use the very same injects ZeuS has been infamous for.<\/p>\n<p>Security researchers say Atmos itself is representative of a new breed of malware, developed \u201cvery precisely\u201d, in order to carry out targeted attacks. Its developers go to great pains to fine-tune their new creation; it is still at the early stages, but already poses a tangible threat. Experts say Atmos may later become much more aggressive, attacking not just banks but other industries too.<\/p>\n<p>The best way for businesses to protect themselves is to deploy a robust, multilayered protective solution, capable of preventing malware (ransomware included) from slipping in, as well as protecting enterprises from fraud and targeted attacks. 
Check out Kaspersky Lab\u2019s <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\" target=\"_blank\" rel=\"noopener nofollow\">Enterprise Security solutions<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yet another ZeuS variant is threatening businesses.<\/p>\n","protected":false},"author":209,"featured_media":15412,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3021],"tags":[2411,36,420,241,698],"class_list":{"0":"post-5476","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-atmos","10":"tag-malware-2","11":"tag-ransomware","12":"tag-trojan","13":"tag-zeus"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/atmos-yet-another-zeus-variant-is-threatening-businesses\/5476\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/atmos-yet-another-zeus-variant-is-threatening-businesses\/5476\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/atmos-yet-another-zeus-variant-is-threatening-businesses\/5476\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/atmos\/","name":"Atmos"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5476","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=5476"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5476\/revisions"}],"predecessor-version":[{"id":26697,"href":"https:\/
\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/5476\/revisions\/26697"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/15412"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=5476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=5476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=5476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}