Pandemiya

By GoldSparrow in Trojans

Threat Scorecard

Threat Level: 90 % (High)
Infected Computers: 2
First Seen: November 24, 2015
Last Seen: January 25, 2019
OS(es) Affected: Windows

Pandemiya has emerged recently as a banking Trojan alternative to Zeus and its many variants. The infamous Zeus Trojan has spawned countless variants and copycats, all based on its code. Pandemiya is unique because it is entirely new, with no relation to Zeus at all. This makes Pandemiya particularly difficult for PC security researchers to control and prevent, because it will require an entirely new set of protections. Pandemiya initiated its activities in the Summer of 2014. It was promoted in the underground hacking community as an alternative to Zeus and its many variants, and was being sold for $1500 USD for the core program and $2000 for various plug-ins that give Pandemiya additional features.

How Pandemiya may Affect Your Security

Pandemiya is designed to allow the person controlling it to monitor an infected computer. Pandemiya may be used to collect data in secret as well as to take screenshots of the infected computer's screen. Pandemiya is also designed to permit third parties to inject fake Web pages into the affected Web browser to trick inexperienced computer users into entering their passwords into a fake bank website, for example (these kinds of tactics can be avoided by using two-step authentication or other security measures).

Taking a Look at Pandemiya's Code

Pandemiya is especially well designed when it comes to avoiding network protections and security software. Pandemiya's code is not based on Zeus at all and consists entirely of original code; its creator worked on this threat for close to one year. Pandemiya has several features that make it particularly worrying for malware researchers:

  • Pandemiya is designed to allow third parties to inject fake Web pages into the three most popular Web browsers on the market, Internet Explorer, Mozilla Firefox and Google Chrome.
  • Pandemiya also may grab data from these three popular Web browsers.
  • Pandemiya may be programmed to perform automated tasks.
  • Pandemiya may be capable of collecting files from the infected computer.
  • Pandemiya is designed to prevent detection and analysis.
  • Pandemiya uses encrypted communications to transmit and receive data from its Command and Control server.

Using plug-ins, third parties can enable Pandemiya to carry out a variety of other tasks. Pandemiya has been linked to an FTP-collecting plug-in and to another plug-in that may allow Pandemiya to spread via Facebook. When installed, Pandemiya hooks certain functions of the affected security program. Using this feature, Pandemiya may collect HTTP form data, access all Web traffic on the affected computer, and be used manually to take screenshots or carry out other operations.

Dissemination Methods Used by Pandemiya

Pandemiya may be spread in a variety of ways, depending on the people that are making use of this threat. For example, Pandemiya may be spread using spam email messages with corrupted attached files or through infected websites containing exploit kits. The most common way in which Pandemiya spreads is through exploit packs that generate a drive-by download page, which infects the victim's computer the minute the victim lands on the Web page. The Pandemiya Trojan is contained in an EXE file that executes the installer on the victim's computer. As soon as Pandemiya is installed, it creates a folder with a random name and makes unwanted changes to the system Registry and other computer settings. Pandemiya also drops a randomly named DLL file in the Windows system folder that enables Pandemiya to carry out its attacks. Pandemiya's installation can be hidden in a variety of ways, such as embedding it in an infected Office or PDF document.

Registry Details

Pandemiya may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" = "C:\Documents and Settings\All Users\Application Data\[RANDOM CHARACTERS].exe"
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session Manager\AppCertDlls\"[RANDOM CHARACTERS]" = "%System%\[RANDOM CHARACTERS].dll"
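The two registry locations above are the persistence points a defender would check first: a Run value under HKCU auto-starts the randomly named EXE at logon, and any value under AppCertDlls causes Windows to load the listed DLL into processes as they are created, which is how a dropped DLL ends up inside the browser. The following script is an added example, not code from the original page or from any vendor; it parses constructed text in the format that the Windows `reg query` command prints, so it runs offline on any platform, and flags every AppCertDlls entry plus Run entries that point into user-writable data directories with random-looking file names. The value names, paths and the `looks_random` heuristic are all assumptions made for the example.

```python
"""Triage registry autostart entries for the persistence pattern described above.

Added example, not part of the original page. Input is `reg query`-style text;
the sample below is constructed and contains placeholder names, not real IoCs.
"""
import re

# Constructed sample in the shape `reg query <key>` prints. "OneDrive" stands in
# for a legitimate autostart; the other two names are made-up random strings.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    xkqzwvtrpl    REG_SZ    "C:\Documents and Settings\All Users\Application Data\xkqzwvtrpl.exe"

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\Session Manager\AppCertDlls
    qmvbzxwtlk    REG_SZ    C:\Windows\System32\qmvbzxwtlk.dll
"""

# One value line: <indent><name><spaces><REG_type><spaces><data>
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")

# Directory markers a standard user can write to; malware drops there because
# no elevation is needed. Matched case-insensitively against the target path.
USER_WRITABLE = ("\\application data\\", "\\programdata\\", "\\appdata\\")

VOWELS = set("aeiou")


def parse_reg_query(text):
    """Yield (key, value_name, data) triples from `reg query`-style output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def extract_path(data):
    """Return the executable path from REG_SZ data, stripping quotes and arguments."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', data)
    return (m.group(1) or m.group(2)) if m else data


def looks_random(stem, min_len=8, max_vowel_ratio=0.2):
    """Heuristic (assumption): long names with almost no vowels look machine-generated."""
    s = stem.lower()
    if len(s) < min_len:
        return False
    vowels = sum(c in VOWELS for c in s)
    return vowels / len(s) <= max_vowel_ratio


def triage(text):
    """Return a list of (reason, key, value_name, path) findings worth analyst review."""
    findings = []
    for key, name, data in parse_reg_query(text):
        path = extract_path(data)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        lowered_key = key.lower()
        if lowered_key.endswith("\\appcertdlls"):
            # Legitimate software almost never registers here; any entry is a
            # finding unless an allowlist says otherwise.
            findings.append(("AppCertDlls entry loads a DLL into newly created processes",
                             key, name, path))
        elif lowered_key.endswith("\\run"):
            in_data_dir = any(marker in path.lower() for marker in USER_WRITABLE)
            if in_data_dir and looks_random(stem):
                findings.append(("Run autostart from a data directory with a random-looking name",
                                 key, name, path))
    return findings


if __name__ == "__main__":
    for reason, key, name, path in triage(SAMPLE_REG_QUERY):
        print(f"[!] {reason}\n    {key}\\{name} -> {path}")
```

On a live Windows host the same logic can be fed the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` and `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls"`; the AppCertDlls check needs no name heuristic at all, since an empty key is the normal state and any populated value deserves a look.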

URLs

Pandemiya may call the following URLs:

[http://][REMOVED]/P4ND3M1CB00BF4C3/12[REMOVED]
[http://][REMOVED]/aWnBrokeQxPeKunljEDkm/biLwVtsypK[REMOVED]
