US-based security firm Trusteer warns today of a new scheme that uses the infamous Zeus Trojan to spread and harvest Internet banking users' sensitive data. According to their press release, the Web sites of 15 top US financial institutions are affected by the phishing scam, and customers visiting these sites are at risk, even if they do not currently use the Verified by Visa or MasterCard SecureCode services.
The threat is not the Trojan itself so much as a new manifestation of it. The computer has to be already infected by Zeus for a user to end up on the mockup page. A computer can become infected when the user downloads a malicious email attachment or visits a specially crafted Web page, for instance. Trusteer claims that 1% of all computers in the world are currently infected with the Zeus Trojan, and RSA Security said in April that as much as 88% of Fortune 500 companies are potentially affected by the malware.
When a user of a Zeus-infected computer attempts to start a secure session on his bank's Web site, he is greeted with a new (and malicious) Web page disguised as the Verified by Visa and MasterCard SecureCode login screen. (Trusteer has a screenshot of the page available here.)
The new page is described as being part of a new rule for better protecting users, and asks for a variety of information: social security number, credit or debit card number, expiration date, and PIN or CVV code. There are also fields for creating a password. And since many people use the same password for multiple online accounts, this could give the hackers easier access to email accounts and more.
Users could (and should) be reluctant to provide their credit card information for accessing banking services. But as we can see, phishing Web pages are becoming increasingly deceptive, so detection tools can help. However, Trusteer warns that according to a 2009 study, 55% of computers infected by Zeus were protected by up-to-date antivirus software. Some anti-malware software blocks HTML injection of this kind, and is worth looking for to improve protection online. Trusteer's Rapport software is one of these.
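As an added illustration of the kind of check a detection tool can make (example code, not Trusteer's or any bank's own), the snippet below audits a login form against the fields the genuine page is known to contain and flags injected inputs that ask for card or identity data, as the fake Verified by Visa / SecureCode screen described above does. The allowlist, the sensitive-name patterns and both HTML fragments are constructed assumptions; because a Zeus-class trojan runs inside the browser, it can tamper with such a check too, so this is a signal to report, not a guarantee.

```javascript
// Fields the genuine login page is known to contain (assumed allowlist,
// which a bank would ship alongside the page).
const EXPECTED_FIELDS = new Set(["username", "password", "remember"]);

// Name patterns a plain login form should never request.
const SENSITIVE_PATTERNS = [/ssn|social/i, /card/i, /(^|_)pin(_|$)/i, /cvv|cvc|csc/i, /expir/i];

// Pull the name attribute from every <input> tag in an HTML fragment.
function extractInputNames(html) {
  const names = [];
  const inputRe = /<input\b[^>]*>/gi;
  let tag;
  while ((tag = inputRe.exec(html)) !== null) {
    const m = /\bname\s*=\s*["']?([^"'\s>]+)/i.exec(tag[0]);
    if (m) names.push(m[1]);
  }
  return names;
}

// Compare rendered inputs with the allowlist; anything extra is "unexpected",
// and extras whose names look like card/identity data are "sensitive".
function auditLoginForm(html, expected = EXPECTED_FIELDS) {
  const found = extractInputNames(html);
  const unexpected = found.filter((n) => !expected.has(n));
  const sensitive = unexpected.filter((n) => SENSITIVE_PATTERNS.some((re) => re.test(n)));
  return { unexpected, sensitive, suspicious: sensitive.length > 0 };
}

// Constructed sample: the genuine form, and the same form with fields injected
// to mimic the fake "Verified by Visa / SecureCode" enrolment screen.
const GENUINE_FORM = `
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="checkbox" name="remember">
</form>`;

const INJECTED_FORM = GENUINE_FORM.replace("</form>", `
  <input type="text" name="ssn">
  <input type="text" name="card_number">
  <input type="text" name="card_expiry">
  <input type="password" name="card_pin">
  <input type="password" name="new_vbv_password">
</form>`);

if (typeof require !== "undefined" && require.main === module) {
  console.log(auditLoginForm(GENUINE_FORM)); // suspicious: false
  console.log(auditLoginForm(INJECTED_FORM)); // suspicious: true, four sensitive fields
}
```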