Cybercriminals develop new version of Bugat malware

First seen at the start of the year, Bugat was reported to have a similar methodology to ZeuS, but its actions have largely been countered by mainstream IT security software, Infosecurity understands.

The new version, however, is different in that its code is said to differ from the original edition. In addition, Trusteer says the new version was implicated in the recent phishing campaign targeting LinkedIn users, which was generally associated with the ZeuS trojan.

The emergence of this new version of Bugat, says the security firm, appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known than ZeuS – and therefore harder to detect and block.

At a coding level, Trusteer says that Bugat is similar in functionality to its better-known financial malware brethren ZeuS, Clampi and Gozi.

Once active, the trojan is said to target Internet Explorer and Firefox browsers and harvests information during online banking sessions.

The stolen financial credentials are then used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions, mostly against small to mid-sized businesses, which Trusteer says results in high-value losses.

Bugat, says the IT security firm, is three times more common in the US than Europe, but its distribution is still fairly low.

Mickey Boodaei, Trusteer's CEO, said that criminals are stepping up their malware distribution efforts by continuously updating the configurations of well-known malware like ZeuS, and using new versions of less common trojans like Bugat, to avoid detection.

"We are in an arms race with criminals. Although ZeuS gets a lot of attention from law enforcement, banks and the security industry, we need to be vigilant against new forms of financial malware like Bugat and SpyEye, which are just as deadly and quietly expanding their footprint across the internet", he said.

What’s Hot on Infosecurity Magazine?