BlackBerry Forums Support Community

Orinoko · 08-09-2012, 08:02 AM

Hi,

Is there any way to block the recently publicised Zeus virus using BES? I know you can block certain software packages from being installed so can this not be utilised?

Thanks.

dc/dc · 08-09-2012, 09:08 AM

There are no viruses or malware that affect BlackBerry. Do not involve BES in fighting a Windows malware. Get a good endpoint security system for your Windows workstations if you don't have it, get a firewall installed, and make sure they're all up to date.

Dubdub · 08-09-2012, 09:09 AM

Zeus isn't a recent virus, as it has been around since 2009. AFAIK, it affects PCs only. There is no known virus targeting the BB, so not something that should cause you to lose sleep over.

daphne · 08-09-2012, 10:23 AM

It's been in the news just recently there IS now a Zeus trojan targeting BlackBerry.
Researchers Identify Four BlackBerry Zitmo Variants | SecurityWeek.Com

Aug. 7

Quote:

Security researchers have identified new Zeus malware samples targeting Android and BlackBerry devices.

Despite its significant user base within enterprises, BlackBerry devices have managed to stay off the radar for malware writers. That may be ending, as Kaspersky Lab recently analyzed four new Zeus-in-the-mobile (Zitmo) samples targeting BlackBerry users in Germany, Spain, and Italy, Denis Maslennikov, a researcher at Kaspersky Lab wrote on the company's Securelist blog. These variants were communicating with two command-and-control cell phone numbers associated with a Swedish mobile operator.

Zitmo refers to a version of the Zeus malware that specifically targets mobile devices. Previous Zitmos variants masqueraded as banking security applications or security add-ons to circumvent out-of-band authentication systems used by some financial institutions by intercepting one-time passwords sent via text message and forwarding it to a another cell number that acted as a command-and-control device.

"Yes, finally we've got a ZitMo dropper file for BlackBerry," Maslennikov wrote.

The samples were three .cod files and one .jar file with a .cod file inside. The BlackBerry variants didn't have any major differences from other Zitmo versions in the wild, other than grammatical corrections, Maslennikov said. The list of commands used by the malware remained the same, according to the blog post.

More info in the link

The mobile version of Zeus is called Zitmo and it targets Android as well as BlackBery.
New ZitMo for Android and Blackberry - Securelist

Quote:

We’ve got 5 new files of ZitMo: 4 for Blackberry and 1 for Android. As you may know, the Blackberry platform has never been actively targeted by malware. And here we have 4 different samples of ZeuS-in-the-Mobile for Blackberry at once: 3 .cod files and 1 .jar file (with one more .cod inside). Yes, finally we’ve got a ZitMo dropper file for Blackberry.

dc/dc · 08-09-2012, 01:44 PM

Quote:

Originally Posted by daphne

It's been in the news just recently there IS now a Zeus trojan targeting BlackBerry.
Researchers Identify Four BlackBerry Zitmo Variants | SecurityWeek.Com

Aug. 7

More info in the link

The mobile version of Zeus is called Zitmo and it targets Android as well as BlackBery.
New ZitMo for Android and Blackberry - Securelist

Bizarre. I searched the googles and didn't see that link.

Dubdub · 08-09-2012, 02:15 PM

I stand corrected. Thanks Daphne.

daphne · 08-09-2012, 03:03 PM

Quote:

Originally Posted by dc/dc

Bizarre. I searched the googles and didn't see that link.

Easy search: BlackBerry zeus

Google

I see this is hitting more tech sites now.

dc/dc · 08-09-2012, 06:21 PM

Quote:

Originally Posted by daphne

Easy search: BlackBerry zeus

Google

I see this is hitting more tech sites now.

Damn that Google! LOL

knottyrope · 08-13-2012, 09:22 AM

Quote:

Originally Posted by Orinoko

Hi,

Is there any way to block the recently publicised Zeus virus using BES? I know you can block certain software packages from being installed so can this not be utilised?

Thanks.

Yes you can create a software configuration and white list only the apps you want to be allowed.

Orinoko · 08-20-2012, 11:27 AM

Thanks for getting back to me, yes I guessed that I would be able to use software configurations to block the threats but do you have any ideas on the names of the software that should be blocked? I look after a few thousand BES linked BB's so although it present we probably wouldn't deploy the 'fix' it is good to be ready in case it escalates.