
New Zeus Variant Means Game Over For US Online Banking Users

A new variant of the Zeus malware, Gameover, has started infecting computers in the US and siphoning off user bank accounts, the FBI has warned.

The variant spreads through a phishing scam: unsolicited e-mails pretend to be from the National Automated Clearing House Association (NACHA), which is used for a wide variety of financial transactions in the US, the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC). The e-mails are designed to infect recipients’ computers with malware and give the attackers access to their bank accounts.

Don’t take the risk

According to the FBI, the emails generally claim that there is a problem with the user’s bank account or a recent ACH transaction and include a link that supposedly helps resolve the issue. “Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information,” said a statement by the Bureau.

According to Don Jackson, senior security researcher with the Counter Threat Unit at Dell SecureWorks, Gameover uses complex web injections that allow the attacker to perform Man-in-the-Browser (MITB) attacks to bypass multi-factor authentication mechanisms, while a Distributed Denial of Service (DDoS) component attacks the financial institution’s server to cover the criminal’s tracks.

“First, financial institutions were targeted with DDoS attacks against their online banking websites. These attacks were timed to coincide shortly after accounts at the targeted financial institution had fraud committed against them. These DDoS attacks provide the two-fold effect of potentially distracting the financial institution from observing the fraudulent activity and preventing the customer from logging into their account and noticing the fraudulent activity,” explains Jackson.

Cyber criminals then launder the cash in various ways, including buying jewellery through online transfers and using “money mules” to collect the merchandise, which is then sold on.

While the Gameover malware does not appear to have hit UK shores yet, it is not inconceivable that cyber criminals would alter the scam for local use. That reinforces the importance of employing common sense when accessing email, and of ensuring that all measures of protection against attack are in place, including anti-virus software and spam filters.

Iris Cheerin
