Zeus Sphinx Back in Business: Some Core Modifications Arise

CERT-LatestNews Malware ThreatsCybercrime ThreatsStrategic

Figure 1: Run key set for Sphinx’s executable payload. Since Sphinx’s malicious payload can come in two different formats, an executable file or a dynamic link library (DLL), it also sets the Registry Run key according to the format being installed. For the DLL format, we would see the following….