Terdot is a dangerous Banking Trojan which packs a broad range of features but, thankfully, it does not appear to be a threat that was written from scratch. The authors of Terdot have reused a significant part of the code of the original Zeus Trojan. The source code of the latter was leaked back in 2011, and it has since been used by many cybercrooks to create Zeus-based banking Trojans that pack additional features.
The improvements seen in Terdot are rather threatening since they allow the threat to do more than merely intercept the traffic between the victim and their online banking portal. Terdot also allows the cybercrooks to spy on social media profiles, and even post on behalf of the user. This might be exploited to use the victim’s account to spread corrupted links and software, thereby reaching more victims who can be infected with Terdot. It appears that the current variant of Terdot uses two distribution methods: spam e-mails and compromised websites that have been loaded with the SunDown Exploit Kit.
Terdot has the ability to spoof SSL certificates, which might allow it to trick users into thinking that they are browsing a legitimate bank page when, in fact, they’ve been silently redirected to a phishing page operated by the attackers. Terdot also possesses the ability to redirect the victim’s traffic through a proxy, which could allow the attackers to analyze the Web traffic and filter it for sensitive information such as passwords, user credentials, etc.
Since Terdot is meant to extract the user’s information silently, it has been programmed to be almost impossible to notice. The best way to ensure that you will never be threatened by a banking Trojan is to use a credible anti-virus software suite that is updated on a regular basis. In addition to this, you can further reduce the chances of being infected by avoiding suspicious websites and ignoring e-mail attachments that do not come from a verified and credible account.