Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Enrolment Screen Injection Trojan Brings Fear to Online US Banks

Trusteer : 15 July, 2010  (Technical Article)
The Zeus financial malware is affecting US banks with enrolment screen injection which strips out personal details of the enroller such as card details and personal data
Trusteer has announced that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs. After users have initiated a secure online banking session, the Zeus Trojan injects into the browser a facsimile of the familiar Verified by Visa and MasterCard SecureCode enrolment screen. It then prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code.

The information gathered by Zeus is used by fraudsters to commit 'card not present' transactions with retailers that employ Verified by Visa and SecureCode protection. This stolen data allows criminals to impersonate their victims and register with these programs to ensure fraudulent transactions elude fraud detection systems.

Trusteer used its Flashlight remote fraud investigation and mitigation service to discover this new in-session phishing attack, and collect Zeus configurations and code samples from infected computers. This version of Zeus attempts to trick online banking customers into surrendering their personal and credit/debit card data by claiming new FDIC rules require that they enrol in the Verified by Visa / MasterCard SecureCode program to protect their accounts.

"While some users may become suspicious when prompted to enter their credit/debit card information as part of the online banking login process, this attack uses the familiar Visa and MasterCard online fraud prevention programs to make the request appear legitimate," said Amit Klein, CTO of Trusteer and head of the company's research organization. "Fortunately, online banking customers protected by Trusteer Rapport are not vulnerable to this attack since it blocks HTML injection and prevents Zeus from presenting the fraudulent enrolment request."

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent banking malware platform for online fraud, and has been licensed by numerous criminal organizations. It infects PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user's browser, the genuine web pages from a bank's web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.

Anti malware detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK Trusteer found that the majority of Zeus infections occur on antivirus protected machines. Specifically, Trusteer found that among Zeus infected machines 55% had up-to-date Antivirus protection installed. The population of machines infected with Zeus is enormous -- one in every 100 computers according to Trusteer research.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo