The infamous Zeus botnet is back – and this time it’s targeting UK users, according to Israeli security firm Trusteer. The botnet has so far infected around 100,000 machines, the vast majority of which are in the UK.
Trusteer says that the botnet has been harvesting a wide range of personal information from unsuspecting victims: online account IDs, login credentials for banks, credit and debit card numbers, account types and balances, bank statements, and login credentials for email accounts and social networks.
"This is just one out of many Zeus 2 botnets operating all over the world," says Amit Klein, Trusteer’s chief technology officer. "What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users’ online accounts."
Klein added that this is another example of "regional malware" – where criminals operate targeted and segmented attacks on users. This means they can target users of a specific bank one day and, once that bank’s security systems catch up, move on to another target the following day.
Mickey Boodaei, Trusteer’s CEO, added that the size of the Zeus botnet is a clear demonstration of the increasing sophistication of cybercriminal gangs and their ability to gather data through a variety of means. He also warned banks to be on their guard.
"Zeus has become one of the most prevalent botnet trojans in the history of online fraud. Fighting financial malware requires banks to have accurate intelligence and strong fraud detection and mitigation capabilities, and to work with their customers. Internet users need to follow their bank’s instructions and, when asked, download online banking security software which is specifically tuned to detect and resist specific threats that the bank identifies, such as Zeus. Banks need to continue implementing multiple layers to detect, resist, and de-activate malware attacks and tightly integrate these layers together," he said.