Infostealer Banker Trojan Outbreak
Outbreak Date: 9-22-09
Outbreak Filters Protects Users Hours Before AV Solutions
Summary
IronPort's Virus Outbreak Filters again protects customers within the critical period between the first exploit of a virus outbreak and the release of an AV signature. During the recent Infostealer Banker Trojan (aka "Zbot-IA Trojan") outbreak, Virus Outbreak Filters protected customers 21 hours and 18 minutes* before the first major anti-virus vendor provided protection.
Outbreak Details
Starting on September 22nd, 2009, attackers sent emails purporting to ask users to install a new certificate to provide a safe and secure online customer service experience. The attached "certificate" is actually an executable Trojan. Once again, this is a classic social engineering attack that compromises users' PCs for criminal financial gain.
Once the attachment is opened, a malicious backdoor Trojan application is installed that disables the firewall, steals sensitive online banking details (credit card numbers, online banking login details), and provides a hacker with remote access to the compromised system.

Virus Outbreak Timeline
TOTAL: 21 hours 18 minutes of additional protection ahead of the first AV vendor.

*Vendor signature times per AV-Test. Signature times from the following vendors: Sophos, Trend Micro, Symantec and McAfee. Generic signatures not included.
