Zeus banking virus is back, warns security firm

Zeus, a virus that steals online banking details from infected computer users, is more powerful than ever, warns a web security company.
A new version of the Zeus trojan has been detected that can exploit the Firefox browser to carry out sophisticated fraud against online banking users, even if the financial institutions are using strong layers of protection.
Zeus 1.6 can infect people using Firefox and Internet Explorer web browsers.

The malware steals login information by recording keystrokes when the infected user is on a list of target websites.
These websites are usually banks and other financial institutions.
The user’s data is then sent to a remote server to be used and sold on by cyber-criminals.
Previous versions of the malware were unable to bypass the security used by Mozilla’s browser.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30% of internet users bank online with Firefox and the infection is growing faster than we have ever seen before,” said Amit Klein, chief technology officer at Trusteer.

The company is recommending financial institutions “maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation and response tools in place.”

DIY virus

In March 2010, many parts of the command and control (C&C) system for the Zeus botnet were destroyed when the Kazakhstani ISP that was being used to administer it was cut off.

However, it does not take long for malware controllers to spring up elsewhere, and toolkits for assembling botnets are readily available on the black market.

“There are plenty of opportunities for people to purchase access to these systems through underground chat rooms,” said Dr JD Marsters, from the department of electronics and computer science at the University of Southampton.

“It’s a game of cat and mouse between antivirus vendors and botnet developers.”

Computer users should ensure that their antivirus software and operating systems are kept up to date.