The Zbot botnet that spreads the Zeus Trojan has been detected distributing a new banking Trojan — one that researchers say may serve as a lower-cost alternative for criminals than the popular Zeus and Clampi malware kits.
Zeus and Clampi Trojans have been focused on stealing financial credentials from bank customers. The new Bugat Trojan discovered by SecureWorks appears to be aimed at business customers of large and midsize banks. It’s built for attacks on automated clearinghouse (ACH) and wire transfer transactions for check and payment processing.
Bugat shares some of the features of other banking Trojans, but it uses an SSL-encrypted command and control (C&C) infrastructure via HTTPS, and also seeks FTP and POP credentials.