Adallom Discovers Variant Of Zeus Trojan That Targets Salesforce.com

The Zeus trojan is traditionally known to target steal online banking credentials. Known as the “king of bots” by Symantec, the Zeus trojan horse computer malware operates by stealing online credentials and perfoming unauthorized transactions such as money transfers or bank fraud on Windows machines. According to a recent blog post, Adallom Labs has discovered a variant of the Zeus trojan that targets not only Salesforce.com accounts, but any SaaS application more generally. Instead of performing malicious, keystroke-logging based transactions, this new variant of the Zeus trojan made a replica of the victim’s Salesforce-based CRM and similarly stands to crawl entire SaaS-based applications for the purpose of obtaining access to proprietary data or code. While complete details of the mechanism of the transmission of this new variant of the Zeus bot remain undetermined, Adallom was able to specify that the weak link in the security chain typically originates from end user machines that have been “landmined” by Zeus, as opposed to the SaaS application itself, which typically boasts enterprise-grade security. All this suggests that the cybersecurity space will increasingly need to turn its attention to protecting end user machines outside of the corporate network, particularly in the case of SaaS applications that can be accessed from any web-enabled device. Expect details of the transmission of this new form of the Zeus bot to emerge from Adallom pending further investigation of the customer that experienced the Salesforce.com-related breach of security.

Advertisements