Financial threats

A little while ago it became clear that the ZeuS program design had been passed on to the creator of another competitor Trojan called SpyEye

New version of ZeuS in the Mobile (now also for Windows Mobile) appeared. ZeuS in the Mobile for Blackberry devices has just been discovered.

GpCode initially appeared in 2004, new versions appeared annually until 2008 and then a long silence – and now, a new and powerful GpCode-like ransomware is atttacking.

Amongst some others the Zeus bot is one of the most prolific bots in the wild and in the media. Lately there has been quite a few reports on the aspects surrounding Zeus, such as new research and the Troyak takedown.

What wonderful times we live in! Thanks to the development of the Internet, we can purchase things and pay for services quickly and easily. Things have become incredibly convenient.

Today’s bank customers face the very real threat of losing their hard-earned cash if their online banking identities are stolen by cybercriminals.

Fabio, our researcher in Brazil, has noticed malware authors using an old trick to mask URLs. The trick involves specifying an IP address such as say, 66.102.13.19 in a numerical base other than base 10.

Malicious programs targeting the confidential data used to access online banking systems have long been the bane of financial organizations worldwide

It’s holiday time, and of course the bad guys know that shopping is a popular activity during this period, particularly in Europe and the US.

During routine malware analysis we sometimes find new techniques which are being used by Brazilian cybercriminals to remove security protection.

We’ve had a number of people contacting us with queries about ‘Kaspersky Lab Antivirus Online’ after their computer showed them the ransom message.

Today we heard a disturbing rumor about a new version of Gpcode. We immediately began talking to victims and trawling the Internet for samples.

Our previous blog on Gpcode said we’d managed to find a way to restore files in addition to those files that can be restored using the PhotoRec utility.

Our StopGpcode project has attracted a lot of attention from individual researchers and organizations who are interested in solving the puzzle of the blackmailing virus. Thanks for all of the feedback.

Currently, it’s not possible to decrypt files encrypted by Gpcode.ak without the private key. However, there is a way in which encrypted files can be restored to their original condition.