Information Security Blog

ZeuS, SpyEye and now OddJob Malware

First there was ZeuS

We have written on our blogs about the ZeuS malware (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) many times before, but the list of banking Trojans is growing. SpyEye (a competitor of ZeuS) was also designed to steal information. In a new twist, SpyEye and ZeuS have recently merged together with one common control panel, leaving ZeuS as the biggest malware threat to the banking industry. ZeuS appears to affect all versions of the Windows Operating System.

Then there is OddJob

The newest Trojan on the block is OddJob, which steals the victim’s online banking session ID token (including any unique identifier assigned to the user) and keeps the user’s last bank session alive by bypassing the logout request, allowing it to access the user’s banking data for as long as the session remains valid. Considering the ease of this attack, Pivot Point Security expects that similar functionality will be developed into ZeuS/SpyEye.

“Depending on its configuration, OddJob can perform a variety of actions on targeted websites, such as logging web requests, capturing full pages, terminating connections and injecting data into web pages. All stolen requests and pages are instantaneously sent to C&C servers, allowing attackers to hijack users’ sessions in real time without victims realizing anything is amiss.” – Angela Moscaritolo, SC Magazine, Feb 22, 2011

If your bank offers an online banking solution, ask yourself this question: “How long can a customer sit idle before being automatically logged out?”
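The idle-timeout question above, as an added example (not code from the original post): a minimal server-side session store showing that when a logout request never reaches the server, only server-enforced expiry ends the session, and that an idle timeout alone does not end a session that keeps receiving requests. The timeout values and all class and function names are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 5 * 60        # assumed policy: 5 minutes without a request
ABSOLUTE_LIFETIME = 30 * 60  # assumed policy: hard cap per login

class SessionStore:
    """In-memory session table; expiry is decided by the server only."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # token -> (user, created, last_seen)

    def login(self, user):
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[token] = (user, now, now)
        return token

    def logout(self, token):
        # Only effective if the request arrives. If it is dropped on the
        # client, the timeouts in validate() are what end the session.
        self._sessions.pop(token, None)

    def validate(self, token):
        """Return the user for a live session, else None (and destroy it)."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self._clock()
        if now - last_seen > IDLE_TIMEOUT or now - created > ABSOLUTE_LIFETIME:
            del self._sessions[token]
            return None
        self._sessions[token] = (user, created, now)
        return user

def seconds_until_rejected(request_gap, max_requests=10_000):
    """Simulate a token used every request_gap seconds with no logout ever
    reaching the server; return the time at which it is first rejected."""
    t = [0.0]  # constructed clock so the simulation runs instantly
    store = SessionStore(clock=lambda: t[0])
    token = store.login("constructed-user")
    for _ in range(max_requests):
        t[0] += request_gap
        if store.validate(token) is None:
            return t[0]
    return None
```

With these assumed values, a token exercised once a minute is never idle and is cut off only by the absolute lifetime, while one left untouched for ten minutes is rejected by the idle timeout.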

But it’s the customer’s computer

While OddJob, ZeuS and SpyEye all target the end user, that end user is your customer.   Your customers who have been affected may not even know about it!  This can lead to upset customers who have suddenly discovered that their assets have been raided, to extra resources consumed trying to unravel fraudulent activity, to bad press and damage to your bank’s brand.

And it can get worse…  How about when this malware gains a foothold inside your network?

Knowing is half the battle

Many of our banking clients have begun to extend their security program to include Malware Assessments, Security Awareness training, and Social Engineering. A Malware Assessment helps provide assurance that the bank’s networks are safe from infection. Security Awareness training helps your staff become more cognizant of online threats, reducing the chances that malware can gain access to your network. In addition, it can be leveraged to help educate your customers so that they can protect themselves! Lastly, Social Engineering can help you evaluate the effectiveness of your Security Awareness training program, identifying gaps or weak points.

The next time you are having a Vulnerability Assessment and Penetration Test done, do yourself a favor and request a Malware Assessment as well.




About the Author:

Marketing at Pivot Point Security
