Information Security Blog

ZeuS, SpyEye and now OddJob Malware

First there was ZeuS

We have written on our blogs about the ZeuS malware (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) many times before, but the list of banking Trojans is growing. SpyEye (a competitor of ZeuS) was also designed to steal information. In a new twist, SpyEye and ZeuS have recently merged under one common control panel, leaving ZeuS as the biggest malware threat to the banking industry. ZeuS appears to affect all versions of the Windows operating system.

Then there is OddJob

The newest Trojan on the block is OddJob, which steals the victim’s online banking session ID token (including any unique identifier assigned to the user) and keeps the user’s last bank session alive by bypassing the logout request. This allows it to access the user’s banking data for as long as the session remains valid. Considering the ease of this attack, Pivot Point Security expects that similar functionality will be developed into ZeuS/SpyEye.

“Depending on its configuration, OddJob can perform a variety of actions on targeted websites, such as logging web requests, capturing full pages, terminating connections and injecting data into web pages. All stolen requests and pages are instantaneously sent to C&C servers, allowing attackers to hijack users’ sessions in real time without victims realizing anything is amiss.” – Angela Moscaritolo, SC Magazine, Feb 22, 2011

If your bank offers an online banking solution, ask yourself this question: “How long can a customer sit idle before being automatically logged out?”
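Because OddJob suppresses the logout request, the server cannot rely on the browser to end a session. The sketch below is an added example, not code from the original post or from any banking product: a minimal server-side session table that enforces an idle timeout and, going beyond the post, an absolute lifetime and a client-address check. The class name, timeout values and addresses are assumptions.

```python
import secrets

IDLE_TIMEOUT = 300       # assumed policy: 5 minutes without a request
ABSOLUTE_TIMEOUT = 1800  # assumed policy: 30 minutes total, active or not


class SessionStore:
    """Hypothetical in-memory session table: the server decides validity."""

    def __init__(self):
        self._sessions = {}

    def create(self, user, client_addr, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "addr": client_addr,
                                 "created": now, "last_seen": now}
        return token

    def logout(self, token):
        # Runs only if the logout request actually reaches the server.
        self._sessions.pop(token, None)

    def validate(self, token, client_addr, now):
        """Return (user, None) for a live session, else (None, reason)."""
        s = self._sessions.get(token)
        if s is None:
            return None, "unknown"
        if now - s["last_seen"] > IDLE_TIMEOUT:
            reason = "idle_timeout"
        elif now - s["created"] > ABSOLUTE_TIMEOUT:
            reason = "absolute_timeout"   # caps sessions kept alive by traffic
        elif client_addr != s["addr"]:
            reason = "client_changed"     # assumed extra check; worth alerting on
        else:
            s["last_seen"] = now
            return s["user"], None
        del self._sessions[token]         # revoke server-side on any failure
        return None, reason


def suppressed_logout_scenario():
    """Constructed timeline: the customer's logout never reaches the server."""
    store = SessionStore()
    token = store.create("alice", "198.51.100.7", now=0)
    last_request = store.validate(token, "198.51.100.7", now=120)
    # logout() is never called; the token is presented again after the idle limit.
    replay = store.validate(token, "198.51.100.7", now=120 + IDLE_TIMEOUT + 1)
    return last_request, replay
```

Binding a session to a client address can reject legitimate customers whose address changes mid-session, so treat a mismatch as a signal to re-authenticate and log rather than as proof of fraud.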

But it’s the customer’s computer

While OddJob, ZeuS and SpyEye all target the end user, that end user is your customer. Customers who have been affected may not even know about it! This can lead to upset customers who suddenly discover that their assets have been raided, to extra resources consumed trying to unravel fraudulent activity, and to bad press and damage to your bank’s brand.

And it can get worse…  How about when this malware gains a foothold inside your network?

Knowing is half the battle

Many of our banking clients have begun to extend their security program to include Malware Assessments, Security Awareness training, and Social Engineering. A Malware Assessment helps provide assurance that your bank’s networks are safe from infection. Security Awareness training helps your staff become more cognizant of online threats, reducing the chances that malware can gain access to your network. In addition, it can be leveraged to help educate your customers so that they can protect themselves! Lastly, Social Engineering can help you evaluate the effectiveness of your Security Awareness training program, identifying gaps or weak points.

The next time you are having a Vulnerability Assessment and Penetration Test done, do yourself a favor and request a Malware Assessment as well.

About the Author:

Marketing at Pivot Point Security
