Zeus banking malware now has 64-bit version

Published December 24, 2013 4:55pm

The dreaded Zeus malware that targets banking data has just gotten deadlier with the emergence of a variant that runs on 64-bit computers and devices.

Such a move may be in anticipation of the software industry’s shift away from older 32-bit architectures to the 64-bit system, PC World reported.

It said Kaspersky Lab discovered the 64-bit version of Zeus within a 32-bit sample. An analysis showed the new malware had been circulating online since at least June.

"(W)hile the move to 64-bits was expected to happen eventually, Kaspersky was surprised to see the beefier version of Zeus so soon. That’s because there’s no apparent need for such a version yet," PC World said.

The report said the newest Zeus variant uses the Tor anonymity network to communicate with the command-and-control server.

PC World said this could be a milestone because the popularity of Zeus and its variants shows "64-bit development in the underground has become mainstream."

”Researchers and the security community have long anticipated that more and more 64-bit malware would arrive on the scene, and here is one of the most used, most problematic pieces of spyware taking on that challenge,” it quoted Kaspersky's Kurt Baumgartner as saying.

Zeus usually exploits the web browser to steal banking data, though most present-day browsers are 32-bit.

Citing data from Kaspersky, PC World said less than 0.01 percent of users browsing the Internet with Microsoft's Internet Explorer 64-bit browser.

"Even if the browser is on a 64-bit operating system, Zeus can still capture data related to online banking and wire transactions, such as user names, passwords and cookies. The malware also can modify data to cover its tracks," PC World said.

PC World said an initial analysis showed the 32-bit sample of the malware tries to inject malicious code into the browser, then switches to 64-bit if the browser is 64-bit. — TJD, GMA News

Tags: malware, cybersecurity