More Arrests But Zeus Trojan Rules In Online Bank Fraud

Ukraine police arrested five individuals accused of being part of a cyber-crime ring that used the Zeus Trojan to steal $70 million from US banks and £6 million from UK accounts. The arrests targeted people the FBI described as “key suspects responsible for this overarching scheme.”

Authorities in the United States and the United Kingdom have been taking action as part of “Operation Trident Breach” which began in May 2009, when FBI agents in Omaha, Nebraska, were alerted to Automated Clearing House (ACH) batch payments to 46 separate bank accounts throughout the United States.

Agents quickly realised the scope of the crime and partnered with local, state, and federal partners, cybercrime task forces, working groups, and foreign police agencies in the Netherlands, Ukraine, and the United Kingdom to bring those responsible to justice.”

According to security researchers, the price of the Zeus Trojan can range from a few thousand to possibly as high as $10,000. Additional features and services such as Windows 7 support or “Firefox form grabber” can be purchased for $2,000, Ivan Macalintal, senior threats researcher at Trend Micro, told eWEEK.

“It is the most popular Trojan tool kit going today,” said Dave Marcus, director of security research and communications at McAfee Labs. “It’s also the highest priced and most effective.”

In the years since it was first seen in the wild, Zeus has been linked to numerous criminal operations and botnets. Trusteer, for example, earlier in 2010 found a 100,000-strong Zeus botnet that was tied to the theft of a wide range of user data, including credit card numbers and browser cookies.

The malware is spread by a variety of means, including drive-by downloads and spam attacks. The constant development of variants allows Zeus to evade antivirus software, researchers said.

“The tool kit is very well developed and of professional grade,” Marcus noted. “It’s probably the most popular, because it’s hands-down the most effective. Cyber-criminals love it because it’s a money-maker.”

However, Marc Fossi, manager of research and development for Symantec Security Response, said Zeus is not as broadly advertised as it once was because of the attention it attracts.

“In fact, one Website we recently observed had a rule banning sales and downloads of Zeus through their forum because of the attention it was drawing to them,” Fossi said.

Recently, Zeus operators made an attempt to trick users of mobile devices into giving up their mobile phone numbers so they could infect those devices with an SMS (Short Message Service) monitoring program that can be used to steal transaction authentication numbers sent to users by banks to authenticate online banking transactions.

“The banking industry needs to be doing more,” said Alex Cox, principal analyst for NetWitness. “In the past, online fraud losses were looked at as a cost of doing business, as long as they didn’t exceed whatever the expected loss percentage was. And US-based banks have historically lagged behind European banks as far as online banking safeguards go, too.”

“The popularity and power of Zeus is that it offers a very low barrier to entry, with a high possibility of return,” Cox said. “As such, the use of Zeus is prolific to the point that we see it in the vast majority of organisations who call us in to assess them – either via infected hosts inside the corporate network, or being used to commit fraud via the business online portals. Infection mechanisms in [the recent arrests] were likely a combination of exploits, phishing and second-stage malware payload. This works so there is no need to change it or do anything different.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

View Comments

  • Organizations just like yours have had hundreds of thousands, and sometimes millions of dollars stolen from their commercial bank accounts, only to learn that their banks don't take responsibility for safeguarding their funds from these attacks. Clicking on:

    http://www.yourmoneyisnotsafeinthebank.org/Banking_CyberProtection_Demand_Letter.doc

    will download a letter you can print out and take to your financial services institution to learn if your small- and medium-sized enterprise is vulnerable to losing money to cyber-criminals like the ones mentioned in this article.

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

55 mins ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

1 hour ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

2 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

2 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

3 hours ago

EU Opens TikTok Probe Over Election Interference Claims

European Commission opens formal probe into TikTok after Romanian first-round elections annulled over Russian interference…

3 hours ago