Comodo Labs Identifies Dangerous Zeus Banking Trojan Variant

Comodo Antivirus Labs has identified a new and extremely dangerous variant of the Zeus banking Trojan. Hackers use Zeus to launch attacks that obtain the login credentials of visitors to online banking sites and commit financial fraud. The significance of this variant is the combination of a legitimate digital signature, rootkit and malware component. Malware with a valid digital signature is an extremely dangerous situation.

But does Comodo not trust digitally signed files? If so, how will it protect the end user? As this file is using a stolen Windows signed file, should I untick the "trust applications signed by trusted vendors" option?

Comment from MalwareTips staff - Not my Comment/View

“I sure hope this is not another wolf cry like before when they claim that they found a new type of malware and it was debunked by other security software vendors.”

Why has this been moved to this section? It’s not relevant to install/setup.

Comodo does not trust all digitally signed files. Only the ones that are from a Trusted Vendor.

If a Windows cert got stolen, that would be huge. Disabling one of the Windows signed in the Trusted Vendors list would potentially make a big mess.

Could you provide us with a link to the article at Malware Tips that you are referring to?

I moved the topic to a better suited sub board.

It’s also on the Comodo blog:

https://blogs.comodo.com/e-commerce/comodo-av-labs-id-zeus-trojan/

I apologise, I read the article wrongly; it’s a digitally signed file with a valid certificate.

It is not using a valid stolen Windows cert but a stolen valid cert from Isonet AG.

Comment from MalwareTips staff - Not my Comment/View

“I sure hope this is not another wolf cry like before when they claim that they found a new type of malware and it was debunked by other security software vendors.”

Until now it has not been debunked.