First detected way back in July 2007, the Zeus Trojan (commonly referred to as Zbot, RPG, and Kneber to name a few of its many aliases) has reared its ugly head again, this time with an updated version.
Security firm M86 is reporting in a white paper that in the past few months the virus has slowly sapped the equivalent of more than one million US dollars in funds from checking accounts in a United Kingdom bank. The company declines to say which bank has been struck.
This is not the first time the virus has been updated and activated. Originally the Trojan was used to steal information from the Department of Motor Vehicles. Two years later it was found to be sleeping on some 75,000 sites, including Bank of America, NASA, Amazon, and Cisco Systems. From there it went on to lure users in via fake Facebook and Verizon Wireless phishing emails.
Currently the Trojan is being sold in underground forums for around $700 and comes in over a hundred different varieties. Using a control panel interface, even newbie hackers can use the "toolkit" to infiltrate an unsuspecting victim's computer. Once installed it is very difficult, if not impossible, for most antivirus programs to detect.
In the past, the virus only infected computers with the Windows XP OS installed, but this latest round was found on Macs, Sony PS3s and even on several Nintendo Wii consoles.
Once embedded in a user's system, the bot waits for the user to log in to their bank's website and then comes to life, taking screenshots, logging keystrokes, and copying data from form fields. It can also assume control of the user's computer, making it a zombie to help infect other users, and has been known to install a kill switch that terminates both the virus and the user's computer (this was seen back in May of 2009 when someone triggered the kill switch and "murdered" 100,000 PCs).
As the user interacts with their account online, the Trojan checks the balance of the user's account and then determines how much money, if any, it can withdraw without setting off alarms. It then withdraws the money and transfers it through a series of "dummy" accounts until it finally comes to rest in the hacker's account.
More By James Payne