New Variant of Zeus Trojaner

Hello,

the German Federal Office for Information Security (BSI) warns of a new Zeus Trojan. Why this is still not detected by Prevx scan yet, although apparently safe online here also has gaps (according to forum posts)?.



https://www.bsi.bund.de/ContentBSI/...eVarianteZeuS-Trojaner-imUmlauf-30062011.html

VT results remove as per forum policy Jotti/Virus Total Results

 

And I always thought links to VT were forbidden here? - Though I never understood the reason for that rule and thanks btw also for posting your warning. - But I have to say from my long time observations that Prevx results on VT are often different from what you would have seen on your own system (where Prevx is actually running). So you probably can't derive from that VT scan result that Prevx would not detect this bad thing while running on your system. - Or did you test this locally? Then this would be bad news indeed.

 

I have to agree with guest on this as I test allot of malware and I know that Prevx detects them but does not show up on VT for what ever reason! Also we were told that VT does not use the full version of Prevx 3.0 it's some type of commandline scanner! PrevxHelp can fill us in again!

TH

 

Sorry for the VT link :-(.
From e.g. heise.de was reported by Zeus, there was the VT link, since a large part of the virus scanner does not recognize Zeus. I was just surprised that Prevx has not even recognized. I know that strength lies in the recognition of Prevx when you run the programs, but was also of the opinion that the normal scan also detects viruses, or at least very recent. I will now scan the attachement on my testmachine with prevx full.

 

If it's not detected can you follow the instructions here to submit the sample to Prevx: https://www.wilderssecurity.com/showthread.php?t=245129

TIA,

TH

 

We will certainly add detection if it is missing but indeed the VT results don't accurately reflect what Prevx or any of the products actually detect. The engines on VT are very different than what the consumer versions run and consequently have different detection results.

Additionally, with Zeus in particular, we could intentionally remove every database rule which detects it and all of our users would still be fully protected as SafeOnline works generically to prevent it.

Hope that helps!

 

there are so many zeus and other variants every day you will find often variants not detected by companys. this zeus from the bsi article is nothing new, its only a new spam campaign not more.

 

Thank you very much for the answers!

@markusg
No, it is a new type of zeus with an integrated download for further components.

 

no, this is not new, often we can find zeus variants downloading other malware. for exsample fake avs, to get as much money from the user as posible.
we also can see this with tdss for exsample
perhaps im wrong, so somebody from prevx will korekt my