
Zeus Trojan steals around £675,000

3,000 bank accounts raided

A trojan that recently broke into the accounts of around 3,000 customers at a major high street bank, stealing over $1 million, has been uncovered by M86 Security.

As with a number of recent busts of Zeus (aka Zbot) command & control servers, M86 Security discovered the UK account details on a server in a small East European country, culled using Zeus v3 after targeting customers of a single institution.

Close to £675,000 is said to have been taken from account holders at the bank between 5 July and 4 August.

A worrying picture is now emerging of a concerted series of targeted - and obviously successful - attacks on a wide range of banks in the UK and beyond throughout the spring and summer of this year.

Last week, another security company, Trusteer, warned that 100,000 PCs in the UK alone had been found to be infected with versions of the Zeus Trojan, almost none of which appeared to be detectable by a range of antivirus programs.

Only a few weeks before that, Zeus was said to have attacked customers of 15 US banks using the Verified by Visa and MasterCard SecureCode credit card 'card not present' verification systems.

The attack has a number of concerning elements beyond the immediate losses, starting with the tardy response of the bank concerned. According to Bradley Anstis, VP of technical strategy at M86 Security, the bank seemed to have no clear procedure for a security company to inform them of what was a serious situation.

"It took us a week to find the right people," he said.

According to the detailed white paper put out by M86 Security on the attack [PDF], criminals were also able to build the attack with the Phoenix and Eleonore Exploit Kits to target software vulnerabilities in common applications such as Adobe Reader, Internet Explorer, and Java.

Some of the vulnerabilities aimed at by Eleonore go back to 2006, 2007, and 2008, although one is as recent as this year. It looks from this as if patching has at least some influence on how vulnerable a consumer is to Zeus.

Visitors with the vulnerabilities unpatched would have encountered the Trojan through ads embedded on innocent-looking websites, including some apparently based in the UK. In M86's analysis, few antivirus products could have stopped the obfuscated attacks, which raises the question of how UK consumers can protect themselves, if at all.

The company has its own hosted services to push, of course, but Anstis also recommended the use of sandboxed and virtualised browsers as one option. These isolate the browsing session from external capture, or at least do so at present. Longer term, it is clear that banks will have to introduce extra layers of authentication and fraud control.
