Zeus

"High roller" fraud campaign persists, origin revealed

By

Researchers have uncovered information about the origins of "Operation High Roller," a campaign targeting victims in the United States and the Netherlands with banking trojans to carry out ACH fraud.

Presidential election spurs malware-laden CNN spam

By

With less than a month remaining until the presidential election, online fraudsters are smelling opportunity, and more similarly themed cons are expected in the upcoming weeks.

Ransomware and phish cons target Skype users

By

Over the course of a week, two trojan-spreading scams have emerged that aim for users of the internet phone service.

Microsoft thwarts Nitol botnet with restraining order

By

A federal court in Virginia allowed Microsoft to take control of a domain, which hosted the Nitol botnet.

BlackBerry, Android users targeted by new Zeus trojan

By

Kaspersky Lab researchers say they have detected five new variants of a mobile trojan known as ZitMo, and four of them target BlackBerry devices, which typically have gone untouched by hackers. Users in Europe are being targeted.

Limitations of law enforcement in fighting cyber crime

Limitations of law enforcement in fighting cyber crime

The active pursuit of online criminals by authorities serves a valuable purpose, but often it ends up netting lesser fish and doesn't complete the entire equation of what is needed to battle today's slick adversaries.

Appellate ruling leaves bank security responsibilities unclear

By

In a major victory for organizations that have sustained massive losses due to unauthorized transactions made by hackers, an appellate court has ruled in favor of a Maine construction company against its bank.

New Zeus variant comes with encryption upgrade

By

Researchers at ThreatMetrix Labs have come across a new variant of the peer-to-peer (P2P) version of the notorious Zeus trojan.

Citadel trojan pulled from Russia's public underground market

The infamous trojan Citadel, known for being the first crimeware kit to include a CRM module to communicate with its creators, will only be sold only to recommended sources.

Microsoft names two Zeus defendants in civil action

By

According to an amended complaint filed last week in U.S. District Court in Brooklyn, Microsoft has named two defendants in its Zeus civil lawsuit who previously were listed as "John Does." They currently are in prison.

Racket drains "high roller" bank accounts in automated style

By

Variants of the SpyEye and Zeus toolkits are being used in a global fraud ring to evade multifactor authentication and raid high-balance accounts.

Cyber crooks evading advanced bank security to transfer funds

A new attack method, automatic transfer system (ATS), is being used in conjunction with popular crimeware kits to create "man-in-the-browser" assaults on bank accounts.

Hackers having less success in draining bank accounts

By

Financially minded cyber criminals are attempting to hijack corporate bank accounts at increasing rates, but they are finding less luck in actually getting money out of them, a new study shows.

New Zeus variant targets billing services providers

By

The purveyors of the pernicious Zeus trojan, which traditionally have targeted corporate bank accounts, have found a new cash cow: payroll accounts.

Zeus' coffin not yet closed as domains still living

By

Three domains, which are feeding instructions to computers infected with the Zeus trojan, still are operational despite a Microsoft-led effort to disable the botnet, according to researchers at security firm FireEye.

Flight check-in emails lead to Zeus infection

By

Cyber criminals have cloaked spam to resemble US Airways check-in emails in phishing attempts that lead to Zeus trojan infections.

Microsoft zaps Zeus command centers used in bank fraud

By

Banking trojan Zeus and its related families, which have looted a number of small and midsize businesses to the tune of millions, may be partially crippled after the latest Microsoft botnet enforcement effort.

Connecticut college computer infected with malware, 18K affected

By

The insidious Zbot trojan is believed responsible for compromising the Social Security numbers of more than 18,275 workers at Central Connecticut State University.

Can you stamp out spambots? No, but you can help

Can you stamp out spambots? No, but you can help

Trying to solve the spam epidemic? It might be time for organizations to look inward, as machines that are unknowingly seeded with malware are the reason for the botnet scourge.

Stratfor subscribers targeted by malware-ridden emails

By

A letter addressed to the stolen email addresses of Stratfor customers claims to be a helpful reminder of malware scams, but is actually bait to spread the Zbot trojan.

New Ramnit variant steals Facebook logins

By

A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.

Crooks using Zeus in new Facebook attacks

By

Variants of the Zeus trojan are being used in new Facebook and banking heists, security researchers and law enforcement are warning.

FCC to release free protection tool for small businesses

By

As small businesses increase their dependence on the internet, one federal agency is helping to pave the way for them to conduct secure operations.

Microsoft briefly derails Chrome users

By

Microsoft Security Essentials (MSE), a free utility for Windows-based computers that offers protection against malware, is catching Google's Chrome browser in its dragnet. A faulty signature update for MSE and Microsoft Forefront erroneously classified the Chrome executable file for Windows as an element of the Zeus trojan, notorious for stealing banking information, resulting in a large number of Chrome users being left without their bookmarks and browser plugins. While Microsoft responded within hours with an updated signature (1.113.672.0), and claimed only 3,000 customers were affected, the traffic on blogs and bulletin boards seemed to indicate the number could be much higher. Microsoft advised users to update MSE with the latest signatures and reinstall Chrome.

Official: FBI investigating 400 bank account takeovers

By

Despite fresh guidance and quicker fraud detection, the FBI actively is investigating more than 400 cases of corporate bank account takeovers, an official told federal lawmakers last week. Gordon Snow, the FBI's assistant director of the cyber division, told a House Financial Services subcommittee that these cases, in which criminals initiate unauthorized Automated Clearing House and wire transfers from seized accounts belonging to mostly small and midsize businesses, have resulted in the attempted theft of more than $225 million and actual losses of around $85 million. In his remarks, Snow also discussed risks related to ATM skimming, mobile banking and supply chain compromise.

Microsoft adds "major" update to detect Zeus trojan

By

Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.

Hacker "soldier" steals $3.2 million from U.S. companies

By

Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.

Account takeover still common, but getting detected faster

By

A new survey from FS-ISAC shows that corporate account takeover remains a persistent issue for banks, but they are getting better at detecting the fraud before any money changes hands.

Kaspersky says McAfee report is all bark and no bite

By

McAfee is dealing with another round of industry disparagement over its "Shady RAT" report, which chronicled a five-year-long hacking campaign.

Zeus for Android steals one-time banking passwords

By

Researchers have discovered a new variant of the insidious Zeus trojan designed to run on Google Android smartphones, but the threat is minimal in the United States.

Sign up to our newsletters

POLL