Zeus takes aim at credit authentication services

By on

The infamous Zeus malware botnet has begun harvesting user bank data by posing as a credit card verification scheme.

Security firm Trusteer said that the malware has been injecting phishing pages into user systems which harvest bank details along with personal identification information. The pages claim to be from the bank and ask the user to fill out an "enrolment form" for the 'Verified by Visa' or Mastercard 'SecureCode' security programmes.

The Zeus botnet has built up particular notoriety for its phishing practices. Rather than attempt to redirect users to infected sites or phishing pages, the malware embeds itself within the system and then generates phishing pages locally.

According to Trusteer, the malware is now waiting for the user to log into banking sites, and then generating the phishing pages which the malware claims to be from the user's own bank. Trusteer said that the attack currently targets customers of at least 15 US financial institutions.

The stolen account data is then used to register accounts with the services and perform fraudulent transactions.

While Zeus has commonly been linked to financial fraud operations, the malware has performed other activities. Earlier this year the botnet made headlines when it moved from collecting financial data to harvesting information from government workers.

The infections have continued despite increased efforts to shut the botnet down. Trusteer estimates that the malware may infect as many as one out of every 100 machines.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
bank botnet malware pages phishing security trusteer

Partner Content

How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra

Sponsored Whitepapers

Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

Australian MSP Index launched

Australian MSP Index launched
Ingram Micro Ushers in the Age of Ultra

Ingram Micro Ushers in the Age of Ultra
Announcing Pipeline 2025 tickets, theme & initial speakers

Announcing Pipeline 2025 tickets, theme & initial speakers
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?