Researchers at Trusteer uncovered a version of the notorious Zeus Trojan being used to steal financial data in a series of scams targeting Facebook, Hotmail, Gmail and Yahoo.
A malware campaign targeting Facebook, Google Mail, Hotmail and Yahoo user debit card data has been linked to the infamous Zeus Trojan.
Zeus is one of the most prevalent pieces of financial malware on the Web. During the past several years, Zeus variants have been linked to major criminal operations around the globe, including one that prompted the FBI to issue a warning in January. In that case, a variant known as Gameover was observed stealing password and username information for financial institutions.
According to security firm Trusteer, the attack uses a peer-to-peer version of Zeus and varies slightly from site to site. In the Facebook version of the attack, the malware uses Web injection to present victims with a fake 20 percent cash back offer if they link their Visa or MasterCard debit card to their Facebook account. The victim is then prompted to enter their debit card number, expiration date, security code and PIN and told that that once they registers their information, they can earn cash back by purchasing Facebook points.
In the case of the Gmail, Hotmail, and Yahoo versions of the scam, the attack offers what appears to be a new way to authenticate to the 3D Secure service offered through the “Verified by Visa” and “MasterCard SecureCode” programs. The 3D Secure service allows customers to create a password to protect and validate online transactions. As part of the scam, the victim is told that by linking their debit card to their webmail accounts, any future 3D Secure authentication can be performed through Google Checkout and Yahoo Checkout.
READ MORE at EWEEK
Zeus is one of the most prevalent pieces of financial malware on the Web. During the past several years, Zeus variants have been linked to major criminal operations around the globe, including one that prompted the FBI to issue a warning in January. In that case, a variant known as Gameover was observed stealing password and username information for financial institutions.
According to security firm Trusteer, the attack uses a peer-to-peer version of Zeus and varies slightly from site to site. In the Facebook version of the attack, the malware uses Web injection to present victims with a fake 20 percent cash back offer if they link their Visa or MasterCard debit card to their Facebook account. The victim is then prompted to enter their debit card number, expiration date, security code and PIN and told that that once they registers their information, they can earn cash back by purchasing Facebook points.
In the case of the Gmail, Hotmail, and Yahoo versions of the scam, the attack offers what appears to be a new way to authenticate to the 3D Secure service offered through the “Verified by Visa” and “MasterCard SecureCode” programs. The 3D Secure service allows customers to create a password to protect and validate online transactions. As part of the scam, the victim is told that by linking their debit card to their webmail accounts, any future 3D Secure authentication can be performed through Google Checkout and Yahoo Checkout.
READ MORE at EWEEK