‘Malware on Omroep Zeeland was banking trojan’ – update

The malware with which Omroep Zeeland unintentionally infected its users was a clone of the infamous Zeus malware, a security expert says. The malware can be used to commit online banking fraud.

On Thursday it emerged that multiple browsers were blocking the Omroep Zeeland website because it contained malware. Security expert Erik Loman of Surfright, developer of Hitman Pro, said in a response to Tweakers.net that the malware is the Citadel trojan, which can be used to commit internet banking fraud. Citadel is an open-source clone of the infamous Zeus trojan.

Omroep Zeeland was unable on Friday to comment on Loman's findings. However, the broadcaster confirmed on Thursday evening that there was a malware problem. Banners on the site were probably responsible for spreading the virus; that is a technique that criminal groups often use to install malware.

Loman says that the trojan is installed via a Java exploit. Omroep Zeeland's advice to use AVG or Avira to detect the trojan probably makes little sense, because they do not yet recognize the malware. Many other anti-virus scanners, such as Avast, Microsoft, Sophos, and Symantec, do not recognize the virus yet either. Kaspersky, NOD32, and McAfee, among others, do.

Omroep Zeeland advises users to update their virus scanner before using it, but one of the ‘features’ of Citadel is precisely that it blocks anti-virus updates via DNS changes. How many users have been affected by the trojan is unknown.

This is different malware from the one found at NU.nl; that site was hit by the Sinowal trojan, which steals users' credentials. Sinowal settles itself in the master boot record of the hard disk, which is why a lot of security software has trouble removing it. An estimated 100,000 NU.nl visitors have been infected with that trojan.

Earlier this week Bart Smit was also hit by malware warnings in browsers. Whether malware was actually present on the toy store chain's site is unclear. The company would not elaborate on the matter: “We never give interviews”, the head office said.

Update, Saturday, 16:13: Loman's response needs to be qualified: Loman did investigate the malware that was probably to be found on Omroep Zeeland, but that cannot be said for certain. He obtained the malware from another website, which had probably been infected with the same malware. In addition, VirusTotal's analysis is not always correct, so it is not clear whether AVG, Avira and other anti-virus scanners really fail to recognize the threat. Roel Schouwenberg of Kaspersky reports this.