64-Bit Version of ZeuS Comes with Improved Evasion, Rootkit Capabilities

2014-Jan-09 | Tags: rootkit

Back in December 2013, Kaspersky reported spotting a 64-bit version of the notorious ZeuS banking Trojan. At the time, experts revealed that the threat was relying on Tor in order to protect its command and control infrastructure.

Now, Trend Micro researchers have also analyzed the 64-bit ZeuS and they’ve found some interesting details.

Apparently, the threat comes with improved antimalware evasion tricks. The malware is capable of identifying certain analysis tools such as StudPE, WinHex, OllyDbg and ProcDump. Execution is prevented if any of these tools is detected.