Zeus(ZBot) is the notorious trojan known for stealing login credentials associated with online banking, continues to evolve.
A new variant spotted by TrendMicro security researchers is doing totally different task than other variants. This variant displays websites containing advertisements..
Every time user try do something on the infected machine, these websites will get occupied on the entire screen preventing user from accessing other windows or files.
Even though victim can access the desktop by pressing the 'show desktop' shortcut(win+d), but the websites still being displayed in the background.
"It should be noted that the sites being displayed are all legitimate–running from gaming sites, ticketing sites, music sites to search engines." researcher said.
"Users can actually navigate these displayed sites. One curious feature of this malware is that it also performs various mouse movements and scrolling when the mouse is idle."
Interestingly, this variant doesn't include a module to steal banking credentials. However, it achieves the main goal of stealing credentials - making money for cyber criminals.
