Incident Response, TDR

Threat of the Month: Bzub spyware

What is it?
Bzub is highly configurable spyware designed to steal banking information.

Apparently developed in Russian hacker circles, it has since been adapted by groups all over the world for their own uses. Bzub affects Windows XP, 2000, and 2003 users.

How does it work?
Bzub is usually delivered via emails as an attachment (often a downloader that grabs and installs Bzub), or via a malicious website that loads the malware onto the victim machine. Bzub acts as an Internet Explorer browser helper object, giving it full access to the data entered by the user.  A configuration file tells Bzub what banks and sites to capture credentials for. Finally, data is sent to a “drop site,” a website that collects the infected PC's information.

Should I be worried?
Because of the depths to which it can steal data from a user's system, we are greatly concerned about the scale of theft going on with Bzub.

How can I prevent it?
Bzub installations occur through social engineering and exploit websites. Multiple defensive measures need to be taken. Updated anti-virus can help detect some of the variants, and updated browser and extension software can help. Running as a non-administrative user can prevent the DLL from being installed and loaded into the browser.
- Jose Nazario, senior security researcher, Arbor Networks

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds