Hybrid is a spreading menace

Researchers have uncovered evidence that the infamous Zeus login-stealing Trojan has been blended with the Ramnit worm to create hybrid malware that can attack online bank accounts while spreading across networks.

Security company Trusteer said it recently discovered a mutant version of Ramnit that appeared to be using a man-in-the-browser (MitB) web injection module to trick bank customers into handing over their login details, a technique straight out of the Zeus (aka ‘SpyEye’) design book.

The company has not yet established that the malware’s source code definitely came from Zeus, but is confident that there is now enough circumstantial evidence to suggest that it did.

The Zeus source code is believed to have become widely available in criminal circles in May after a leak of unconfirmed origin, so security watchers have been on the lookout for new malware incorporating some of its most powerful and often very specific features. Trusteer is convinced that the Ramnit variant is the first recorded example of that.

Ramnit itself is an unremarkable worm, so why criminals might want to combine it with Zeus is open to speculation.

“Zeus does not have its own propagation mechanism,” said Trusteer’s CTO, Amit Klein. “The author might be going after networks,” he explained, noting that the hybrid malware had the ability to spread the Zeus data stealing across network shares, a potentially powerful new ability. If the malware turns out to have incorporated Zeus, that would suggest that more malware using it will appear in the coming months, he added.

“We are seeing it [Ramnit] across multiple regions, especially in the UK and the US. It is going well,” said Klein, confirming that an unknown but significant number of PCs in these countries had been infected, presumably a conclusion culled from an analysis of logs on its German-hosted command and control servers.

The behaviour of the new Ramnit is certainly consistent with Zeus, which typically attacks a range of banks, particularly those in countries where Internet banking is well established, such as the UK and the US.

“Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program – old or new. The malware distribution channel for fraudsters has increased in scale significantly.”

A fuller analysis of the new malware and its connections with Zeus can be found on Trusteer’s website. The new version is detected – and not detected – by the same spread of antivirus products that detected older versions of Zeus, which is to say only by some.