Zeus malware uses techniques both new and old: Websense

A recently evolved Zeus strain is borrowing techniques both old and new to evade detection, according to Websense Security Labs.

Websense A/NZ country manager, Gerry Tucker, said the mixture of techniques is also used to siphon and steal important data from the infected.

“Malware writers will continue to adapt and update their evasion techniques to stay just above the capabilities of most security solutions,” he said.

An old approach Zeus uses is the hidden Windows PIF file extension executable, a technique Tucker said was once popular and seems to be making a comeback.

In with the new

A new thing the malware does is evolve and adapt the methodology of the information stealing procedures, known as hooking, which has evolved from the Zberp variant.

“The malware’s of use of encryption and HTTPS in its command-and-control communications underscores their efforts and attempts to stay hidden,” Tucker said

Tucker adds the latest iteration of the Zeus malware demonstrates the evolving techniques of cybercriminals’ efforts to evade detection.

“This is one reason that it is now crucial for defenders to have security tools that inspect outbound SSL traffic and prohibit the loss of data through encrypted messages,” he said.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.