New Banking Trojan Discovered Targeting Businesses' Financial Accounts
Bugat Trojan spread via the Zbot/Zeus botnet, say SecureWorks researchers
Feb 09, 2010 | 04:27 PM By Kelly Jackson Higgins
The infamous Zbot botnet that spreads the pervasive Zeus Trojan has been seen distributing a brand-new banking Trojan -- one that researchers say could serve as a lower-cost alternative to the popular Zeus and Clampi malware for cybercriminals.
The new Bugat Trojan, which was discovered by researchers at SecureWorks, appears to be aimed mostly at business customers of large and midsize banks. It's built for attacks that hack automated clearinghouse (ACH) and wire transfer transactions for check and payment processing -- attacks in which U.S.-based SMBs and state and local governments are losing an average of $100,000 to $200,000 per day, according to data from Neustar.
To date, Zeus and Clampi Trojans have mostly been used for stealing financial credentials. But Jason Milletary, security researcher with SecureWorks' Counter Threat Unit (CTU), says Bugat has some of the same features as other banking Trojans, but with a few twists: It uses an SSL-encrypted command and control (C&C) infrastructure via HTTPS, and also goes after FTP and POP credentials via those encrypted sessions. Milletary says SecureWorks has witnessed around 1,200 to 3,000 Bugat attack attempts during the past week against its clients. "We saw in the wild that it was being distributed from a specific Zeus botnet," he says. "Oddly enough, its purpose is the same as Zeus ... but it's something not as recognizable as Zeus or that's cheaper [to purchase] in the long term."
Bugat's main targets so far are business financial accounts...