[ISN] Zeus Trojan steals $1 million from U.K. bank accounts

From: InfoSec News <alerts_at_private>
Date: Wed, 11 Aug 2010 01:00:37 -0500 (CDT)
http://news.cnet.com/8301-27080_3-20013246-245.html

By Elinor Mills 
InSecurity Complex
CNet News
August 10, 2010

Consumers and businesses in Great Britain have lost more than $1 million 
so far this summer from a Trojan that is infecting their computers, 
prompting them to log into their bank accounts, and then is 
surreptitiously transferring money to scammers in other countries, 
security researchers said on Tuesday.

About 3,000 bank accounts were found to be compromised at one financial 
institution, which was not identified, according to a white paper 
released by M86 Security.

The multilevel scheme uses a combination of a new version of the Zeus 
keylogger and password stealer Trojan, which targets Windows-based 
computers and runs on major browsers, and exploit toolkits to get around 
anti-fraud systems used at bank Web sites, the report found.

Bank sites that offer two-factor authentication, such as one-time 
passcodes and ID tokens, are ineffective because the malware has taken 
over the browser after the victim has logged into the banking site, 
Bradley Anstis, vice president of technology strategy at M86 Security, 
told CNET.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/
Received on Tue Aug 10 2010 - 23:00:37 PDT

This archive was generated by hypermail 2.2.0 : Tue Aug 10 2010 - 23:06:28 PDT