Trend Micro advanced threat researchers recently came across a new ZBOT/Zeus binary file detected as TROJ_ZBOT.BTM.
ZBOT/Zeus variants are well known for stealing banking information from their victims via various social-engineering tactics (e.g., spammed messages, malicious links sent to social-networking site members in the guise of messages, and compromised legitimate sites), as evidenced by the following documented noteworthy occurrences:
Phishing in the Guise of Enhancing Security
ZBOT Targets Facebook Again
Several Compromised Thai Sites Serve Malware
Apart from the usual information-stealing tactics ZBOT/Zeus Trojans are known for, this new variant came with a hidden message that thanks and taunts some well-known antivirus companies for the help they provide the cybercriminals behind the malware in constantly improving their craft. The message, however, only becomes visible after the binary file (version 220.127.116.11) unpacks and copies itself into the memory of affected systems.