Dr Web researchers find new malware that can spread itself and avoid detection on Windows systems
Security researchers have discovered a new virus targeting Russian bank customers using many of the techniques employed by notorious malware such as Zeus and Carberp.
Russian anti-virus firm Dr.Web says ‘Trojan.Bolik.1’ is a polymorphic file virus that infects 32-bit and 64-bit applications without any user intervention.
The tactics it employs to avoid detection and the amount of time it takes to remove it from an infected system mean it can be particularly troublesome.
“Functions and architecture of Trojan.Bolik.1 are very sophisticated, which makes it really dangerous for Windows users,” said the researchers.
Once present on a system, the virus checks for executable files on the system or on connected USB devices and embeds ‘Trojan.Bolik.1’ and the information it needs to run in an encrypted format. Once an infected program is executed, the virus decrypts and runs directly in memory. A virtual file system stores the information it needs, and it borrows web injections from Zeus to steal banking details.
“The main purpose of Trojan.Bolik.1 is to steal confidential information,” continued the researchers. “The Trojan can execute this function by several means. For example, it controls data transmitted by Microsoft Internet Explorer, Chrome, Opera, and Mozilla Firefox to steal information entered into input forms.
“Besides, the malware program can take screenshots and perform the keylogger functions. Trojan.Bolik.1 is also able to create its own proxy server and web server for file sharing with virus makers.
“All sent and received information is encrypted with a complicated algorithm and is then compressed.”
Zeus has been targeting bank customers for a number of years. The aforementioned web injects can trick users into entering details into portions of websites they think are genuine.