Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zeus Variant 'Floki Bot' Targets PoS Data (onthewire.io)

Posted by BeauHD on from the out-of-the-woodwork dept.

Trailrunner7 quotes a report from On the Wire: Malware gangs, like sad wedding bands bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is based on the venerable Zeus source code and is being used to infect point-of-sale systems, among other targets. Flashpoint conducted the analysis of Floki Bot with Cisco's Talos research team, and the two organizations said that the author behind the bot maintains a presence on a number of different underground forums, some of which are in Russian or other non-native languages for him. Kremez said that attackers sometimes will participate in foreign language forums as a way to expand their knowledge. Along with its PoS infection capability, Floki Bot also has a feature that allows it to use the Tor network to communicate. "During our analysis of Floki Bot, Talos identified modifications that had been made to the dropper mechanism present in the leaked Zeus source code in an attempt to make Floki Bot more difficult to detect. Talos also observed the introduction of new code that allows Floki Bot to make use of the Tor network. However, this functionality does not appear to be active for the time being," Cisco's Talos team said in its analysis.

12 of 25 comments (clear)

  1. It's all in the name. by dcw3 · · Score: 1

    Someone's been watching too much TV...
    http://vikings.wikia.com/wiki/...

    --
    Just another day in Paradise
  2. Thank God it doesn't target valuable data. by Anonymous Coward · · Score: 1, Funny

    Only Piece of Shit data.

  3. Yo dawg by Hognoxious · · Score: 1

    sad wedding bands bands

    Nice one, manishs.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  4. Re:Floki ha ha ha by OneHundredAndTen · · Score: 1

    They meant Microsoft software.

  5. Zeus Variant only targets Microsoft Windows by khz6955 · · Score: 2

    'Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows'

  6. Zeus Variant and Malware gangs by khz6955 · · Score: 1

    Don't you mean Microsoft Windows and Zeus Variant and Malware gangs

  7. Re: Are we sure this is Russian? by stealth_finger · · Score: 1

    Why the double i?

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
  8. Re: Are we sure this is Russian? by JustAnotherOldGuy · · Score: 1

    all you're capable of doing is attempting to discredit me by falsely labeling me a racist.

    You're not a racist, you're an asshole. And if you ever dragged your goober ass through my neighborhood you'd be reclassified as a "target".

    --
    Just cruising through this digital world at 33 1/3 rpm...
  9. Re: Are we sure this is Russian? by Hognoxious · · Score: 1

    What double i?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  10. Re: Are we sure this is Russian? by stealth_finger · · Score: 1

    Thankfully, niiggers aren't smart enough to do this

    We need to rid ourselves of niiggers,

    No more towelheads, niiggers, kikes, wetbacks, and chinks!

    It's a fact that niiggers,

    While niiggers

    It's a fact that niiggers

    Those ones, at least Mr "Not a racist" here is consistent.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
  11. Re: Are we sure this is Russian? by Hognoxious · · Score: 1

    I think there's a problem with your browser. Are you running Windows? If so, reinstall your OS.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  12. Re: Are we sure this is Russian? by stealth_finger · · Score: 1

    II'm not reiinstalliing anythiing.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u