August 5, 2010 by Jen
Israeli researchers have uncovered a network of one hundred thousand machines, which are being used to harvest internet banking details from UK bankers, a new report has revealed.
Thousands of machines are being compromised by Eastern European cyber criminals, who are taking log in details and passwords for online banking and other personal data. Forming a ‘botnet’, the affected machines are being used to harvest credit and debit card details, in addition to other personal information. The people running the fraud are evidently very familiar with UK banking systems, as the methods used to generate data are very specific to this country.
In addition, social networking sites are being targeted for login information and passwords by the scam. It is thought that the criminals are using Trojans (messages which look innocent but contain malicious code) to obtain data.
The 100,000 machines, which all use Windows software, have been infected with a Trojan known as Zeus. Zeus, also known as Zbot, is what is known as a banking Trojan. Zeus is passed around as an e-mail attachment, or software downloads which look like legitimate applications. The Trojan logs keystrokes to capture password, and evolves and adapts to prevent it from being identified by anti-virus software.
At the moment, it is thought that Zeus affects several million machines. A spokesperson for Trusteer, who first located the network, stated: “The fraudsters are very familiar with UK banking systems. I have contacted the Metropolitan Police central e-crime unit to alert it to the scam, as well as affected banks. Attacks like this have become the norm. 100,000 computers being targeted by a Trojan does not necessarily mean that 100,000 UK customers will have had their details successfully used by the fraudster. In the highly unlikely event that any one of the 23 million UK customers who bank online is an innocent victim as a result of this attack they can expect to get their money back.”
“However, this one is unusual because it uses a new variant of the malware and also predominantly targets people in the UK. Our researchers were able to identify the geographical location of victims, after they gained access to the command and control centre of the network. One of the nice features of that is that it provides you with stats regarding operating systems and the geographical information of the bots. We actually used the fraudsters’ own data to assess the botnet and determine that it actually targets the UK.”
Related posts:
