Zeus

New Ramnit variant steals Facebook logins

January 05, 2012

A new variant of the Ramnit virus harvested the login credentials of more than 45,000 Facebook users worldwide, according to researchers.
 

Crooks using Zeus in new Facebook attacks

November 30, 2011

Variants of the Zeus trojan are being used in new Facebook and banking heists, security researchers and law enforcement are warning.
 

FCC to release free protection tool for small businesses

October 25, 2011

As small businesses increase their dependence on the internet, one federal agency is helping to pave the way for them to conduct secure operations.
 

Microsoft briefly derails Chrome users

September 30, 2011

Microsoft Security Essentials (MSE), a free utility for Windows-based computers that offers protection against malware, is catching Google's Chrome browser in its dragnet. A faulty signature update for MSE and Microsoft Forefront erroneously classified the Chrome executable file for Windows as an element of the Zeus trojan, notorious for stealing banking information, resulting in a large number of Chrome users being left without their bookmarks and browser plugins. While Microsoft responded within hours with an updated signature (1.113.672.0), and claimed only 3,000 customers were affected, the traffic on blogs and bulletin boards seemed to indicate the number could be much higher. Microsoft advised users to update MSE with the latest signatures and reinstall Chrome.
 

Official: FBI investigating 400 bank account takeovers

September 19, 2011

Despite fresh guidance and quicker fraud detection, the FBI actively is investigating more than 400 cases of corporate bank account takeovers, an official told federal lawmakers last week. Gordon Snow, the FBI's assistant director of the cyber division, told a House Financial Services subcommittee that these cases, in which criminals initiate unauthorized Automated Clearing House and wire transfers from seized accounts belonging to mostly small and midsize businesses, have resulted in the attempted theft of more than $225 million and actual losses of around $85 million. In his remarks, Snow also discussed risks related to ATM skimming, mobile banking and supply chain compromise.
 

Microsoft adds "major" update to detect Zeus trojan

September 15, 2011

Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
 

Hacker "soldier" steals $3.2 million from U.S. companies

September 15, 2011

Researchers at Trend Micro say they have been hot on the tracks of a corporate hacker, and now they are turning over their findings to U.S. law enforcement.
 

Account takeover still common, but getting detected faster

August 25, 2011

A new survey from FS-ISAC shows that corporate account takeover remains a persistent issue for banks, but they are getting better at detecting the fraud before any money changes hands.
 

Kaspersky says McAfee report is all bark and no bite

August 18, 2011

McAfee is dealing with another round of industry disparagement over its "Shady RAT" report, which chronicled a five-year-long hacking campaign.
 

Zeus for Android steals one-time banking passwords

July 12, 2011

Researchers have discovered a new variant of the insidious Zeus trojan designed to run on Google Android smartphones, but the threat is minimal in the United States.
 

FFIEC guidance addresses corporate account takeover

June 29, 2011

The long-awaited update to the Federal Financial Institutions Examination Council (FFIEC) guidelines around authentication has been released.
 

New Zeus emails cloaked as Fed, IRS messages

June 22, 2011

Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds.
 

Judge rules bank not at fault for corporate account fraud

June 08, 2011

In a potentially precedent-setting court ruling, a U.S. magistrate judge has ruled that a bank is not responsible for covering the loss of nearly $300,000 that was illegally wired out of the bank account belonging to a Maine construction company.
 

BlackHole exploit kit now available for free

May 24, 2011

A free copy of the BlackHole exploit kit is available on several file-sharing sites, lowering the cost of entry for budding cybercriminals, experts warned this week.
 

Zeus source code open for inspection, use

May 10, 2011

As if Zeus wasn't already a torment, the insidious banking trojan may become even more prolific now that its source code has been leaked on at least two underground forums, according to researchers at Denmark-based CSIS. Peter Kruse, writing on the company's blog, said the source code for the Zeus toolkit is "freely available for inspection, inspiration or perhaps to be compiled and used in future attacks." He expects the leakage to cause the trojan to become more pervasive. One likely can expect the price to fall too. McAfee researchers in September said the Zeus builder toolkit was going for between $700 and $1,500.
 

FBI warns of millions lost in fraudulent transfers to China

April 27, 2011

The FBI is probing 20 new cases of U.S. businesses losing millions of dollars to cybercriminals, who then siphoned off the cash to accounts in China.
 

Digital stick-up: Online account fraud

April 01, 2011

Corporate account takeover remains prevalent, resulting in $87.5 million in losses last year. But all banks can strive to prevent it, while staying within budget, says Rudy Wolfs of ING Direct.
 

Trojan steals session IDs, bypasses logout requests

February 22, 2011

A new banking trojan targeting U.S. customers has the ability to keep online account sessions open after customers believe they have logged off, enabling criminals to surreptitiously steal money.
 

Zeus vs. online authentication, Part 2: Five hard questions

Charles Jeter, ESET cybercrime investigator February 14, 2011

Typically fraud is considered unacceptable in other industries yet 80 percent of banks failed to catch fraud prior to wire transfer, according to a recent study. Two experts answer five hard questions.
 

ZeuS vs. online authentication, Part 1

January 24, 2011

Experi-Metal v Comerica Bank: Banking Trojan Litigation Analyzed. Is today's authentication sufficient to protect against the latest ZeuS banking trojan attacks?
 

Zeus botnet targeting Macy's, Nordstrom account holders

December 09, 2010

A new Zeus botnet is targeting the credit card accounts of several major U.S. retailers, including Macy's and Nordstrom, according to researchers at online banking security firm, Trusteer.
 

Cyberthreats: A long haul

December 01, 2010

Enterprises are under constant seige from cyberthreats that continue to evolve to new levels of sophistication, reports Deb Radcliff.
 

New malicious email campaign targets Facebook users

November 19, 2010

A large wave of malicious emails claiming to come from Facebook began hitting inboxes this morning, according to researchers at messaging security firm AppRiver. The emails contain the subject line "Facebook Support" and purport to be from "Facebook office." Recipients are told their Facebook accounts have been blocked due to spam activity and they must use a new password, which is included in an attachment. However, the attachment actually contains a variant of the Oficla downloader, which has been known to install rogue anti-virus programs and the Zeus trojan. AppRiver has detected more than 100,000 of the messages. - DK
 

Targeted, smarter attacks dominate 2010 threat landscape

November 10, 2010

According to an SC World Congress speaker, cybercriminals have over the past year grown more innovative and relied heavily on opportunistic, targeted and blended attacks.
 

Two alleged Zeus mules arrested in Wisconsin

November 05, 2010

Two Moldovan men were charged this week for their involvement with the Zeus trojan, which has been used to steal millions of dollars from U.S. bank accounts. Dorin Codreanu and Lilian Adam, both 21, are believed to have been "money mules," responsible for transferring stolen funds to accomplices overseas. The pair was arrested in Wisconsin and is set to be transferred to New York to face charges of conspiracy to commit bank fraud, according to reports. The men are among the 37 individuals charged late last month in U.S. District Court in Manhattan for their role in the scheme. — AM
 

"Iranian Cyber Army" cons fellow crooks with honeypot

November 04, 2010

Security researchers have discovered that a criminal ring trying to spread the Zeus trojan has set up a fake administrator panel to study its foes and produce bogus data.
 

Microsoft tool unable to detect new versions of Zeus

November 03, 2010

Though a Microsoft tool detects and prevents Zeus infections, its success rate may be limited, according to researchers at a security firm.
 

Iranian Cyber Army shifts efforts toward malware, botnets

October 25, 2010

A hacker group responsible for defacement attacks against Twitter and Baidu now appears to be amassing a mighty botnet, according to researchers at a security firm.
 

Is the advanced persistent threat something new?

October 20, 2010

Jerry Dixon, the former head of US-CERT, will examine the truth behind one of 2010's biggest IT security buzzwords when he speaks at next month's SC World Congress.
 

Microsoft tool removes Zeus 281,000 times in five days

October 18, 2010

The reach of the Zeus trojan is even more widespread than Microsoft expected when it added detection and removal last week for the pernicious malware.
 
Powered by Disqus
Popular Topics
Analyst Reports & Industry Surveys Android Anonymous Breaches & Exposures Canada Data Breaches DNS Education Finance Government Hackers Hacktivism Health Care Lawbreakers & Cybercrime Lawsuit Legislation LulzSec Malware Mobile Applications Mobile Devices Patch Management PCI Compliance SC Awards 2012 Trojans Vulnerabilities & Flaws