ZeuS: me talk pretty Finnish one day
(Publication) Google search: [1]
| ZeuS: me talk pretty Finnish one day | |
|---|---|
| Botnet | ZeuS |
| Malware | Zbot |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / Monday, March 19, 2012 |
| Editor/Conference | F-Secure |
| Link | http://www.f-secure.com/weblog/archives/00002331.html (Archive copy) |
| Author | |
| Type | |
Abstract
“ A couple of months ago, there was an overly polite variant of ZeuS circulating here in Finland. And while the Finnish localization was pretty good — it used "Suo anteeksi" within an error message… not typically the kind of thing you'd read via software.
We continue to see decent localization within ZeuS variants (and not just Finnish). Clearly, some bad guys out there have evolved from Google Translate, which is the level of localization we used to expect in the past.
But the bad guys still make basic mistakes. One variant of ZeuS, which is circulating now, includes a Finn's name within the localized efforts. Instead of stating "Welcome Bank Customer", the trojan declares "Welcome name withheld".
Here are some of the banks that are being targeted.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR944,
editor = {F-Secure},
author = {},
title = {ZeuS: me talk pretty Finnish one day},
date = {19},
month = Mar,
year = {2012},
howpublished = {\url{http://www.f-secure.com/weblog/archives/00002331.html}},
}