Cyber criminals have attacked Canada’s 14 main financial institutions with a ZeuS variant called “Maple”. The name refers to the maple leaf on the Canadian flag. These attacks started in January of 2014 and were reported by Trusteer, IBM’s Boston-based security division.
This variant of ZeuS has enhanced features such as an anti-debugging packer written in Visual Basic. This feature exploits the Windows flags PEB!IsDebuggedFlag and PEB!NtGlobalFlags, preventing the flags from being active. With these flags absent, you cannot get into debug mode to remove ZeuS.Maple. The Trojan also encrypts its entry in the Windows Registry using AES-128. Additionally, the installation path of ZeuS.Maple is obscured so anti-virus scans cannot detect it. The most notable feature is the ability to restore its own web injection functionality when interrupted. The web injection functionality is designed to steal information in your browser window.
Thus far this virus has been spread using drive-by downloads and phishing emails. Be careful about opening emails from unknown sources and turn off scripting in your browser. Remember to surf the web responsibly.