All hail Zeus! According to financial safeguarding outfit Trusteer, Zbot – or Zeus – is combing and targeting online banking customers of 15 major financial institutions in the US and tinkering about with previously secure, common credit card security programs.
Zeus has been around for a bit. We last reported on his, er, exploits in April.
Zeus leaps into the browser as soon as a user has started secure online banking. It cooks up something that looks a dead-on copy of the Verified by Visa or Mastercard enrollment screens which has all the usual fields to be plonked in: credit or debit card number, PIN or CSV, social security number and expiration date. User details get sent off to a remote server instantly.
The latest Zeus attempts to convince users they need to re-register personal and credit card data by claiming that FDIC rules mean they have to sign up to Verified by Visa or Mastercard Secure to protect their accounts. It’s a pretty convincing copy and we wouldn’t be surprised to find users duped.
Once all the details are entered, con artists can use the Zeus malware to send off “card not present” transactions to retailers that use the exploited enrollment protection. Then it’s the usual case of letting fraudsters steal the identity of victims, register with the security programs and make dodgy dealings, all the while evading fraud detection systems.
The best way to safeguard against Zeus is to make sure you’ve got malware detection software and antivirus software that stops HTML injection. This is what it looks like: