2012
03.23

The FraudAction Research Lab has recently analyzed a Zeus 2.1.0.1 variant downloading an additional Trojan into infected PCs by fetching a Citadel Trojan (think of the Borg on Star Trek). RSA is witness to many Zeus botmasters who upgraded and moved up to Ice IX neighborhoods, and now, to yet another summer home – Citadel infrastructures.

Zeus 2.1.0.1 is a commercially available upgrade[1] of the Zeus 2.0.8.9 banking Trojan, which was the last “true” variant released by the original coder, Slavik, and his development team. This Trojan does not present any features much different from those of its predecessor.

RSA researchers have studied a Zeus 2.1.0.1 variant that runs on infected machines and, seconds later, calls for the download of an additional Trojan: a Citadel v1.3.2.0 variant. Although the Lab already saw Zeus botnets replaced by Ice IX botnets, this is one of the first instances analyzed of the Trojan calling for a Citadel replacement onto the infected PC.

[…]

 

via Now You Z-eus It, Now You Don’t: Zeus Bots Silently Upgraded to Citadel « Speaking of Security – The RSA Blog and Podcast.