Police Arrest Couple Over Zeus Banking Trojan

British police have arrested two people linked to malware used to steal banking information and another personal data

Two people have been arrested in connection with using a notorious Trojan in a scheme to steal online banking information.

The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchester for violating the 1990 Computer Misuse Act and the 2006 Fraud Act, according to police.

The duo are accused of using the Zeus Trojan, also known as Zbot, in a plot to steal information.

According to the Metropolitan Police’s Central e-Crime Unit (PCeU), it is believed the Trojan was configured to record victim’s online bank account information and passwords, as well as credit card numbers and other information.

“The Zeus Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world,” said Detective Inspector Colin Wetherill of the PCeU, in a statement. “The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality.”

Zeus is widely available for purchase in the cyber-underground and is typically spammed out in emails. Earlier this year, Fortinet observed a surge of activity from the Trojan, and reported that the malware posted record detection levels for a single-day (24 July). It went on to rank number two on Fortinet’s list of Top 10 malware during 21 July to 20 August.

Trend Micro reported a new spam campaign tied to Zeus earlier this month that prompted recipients to update their MySpace account. The link in the email took users to a fake login page, and ultimately tried to trick users into downloading a supposed ‘MySpace Update Tool’ that was in fact the Trojan.

“Zbot is one of the most notorious pieces of malware of recent times,” blogged Graham Cluley, senior technology consultant at Sophos. “It’s a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.”