A new variant of the peer-to-peer version of the Zeus Trojan has been discovered, according to a new report from ThreatMetrix Labs.
One of the main changes to the new Zeus variant is the way it encrypts its configuration file, which makes automatic detection routines fail to recognize the Trojan, ThreatMetrix said Tuesday. ThreatMetrix Labs came across the version of the Zeus Trojan in April.
The company, which is based in San Jose, Calif., develops reports on the latest capabilities of malware that targets financial institutions, merchants and online businesses.
Its July report examines sample attacks of this new variant across several industries, including social media, financial services, retail and payment processors. Most of the cases involved minor but sophisticated changes to the website designed to steal confidential information, ThreatMetrix said.
For example, in the financial services industry, the Zeus Trojan targets all major credit card company websites. After a customer logs in, an intermediate page will appear, tricking the person into disclosing personal and credit card information.