Yet another variant of the Zeus banking Trojan has surfaced; this one comes disguised as an Internet Explorer document and uses an authentic digital certificate to download a rootkit onto infected machines. The fake IE document goes ahead and does some fairly routine Zeus things like stealing user data entered into web forms, login credentials, and credit card information, in order to perpetuate financial fraud. More than 200 examples of the Trojan have been discovered in the wild so far, according to researchers at the SSL firm Comodo. The bogus IE file is signed with a seemingly legitimate certificate from the Swiss software development firm Isonet AG.
Source: https://threatpost.com/new-zeus-variant-comes-complete-with-a-signed-certificate/105283/