Zeus Trojan Variant Targeting Banks

The FBI is sounding the alarm about a new variant of the Zeus Trojan that could allow hackers to access bank accounts through malicious e-mail.

The unsolicited e-mails appear to come from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank or the Federal Deposit Insurance Corporation (FDIC), the FBI says in its warning. Clicking on a link in the e-mail sends the recipient to a website from which the malware is downloaded.

"The malware is appropriately called 'Gameover' because once it's on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions," the FBI said. "And once the crooks get into your bank account, it's definitely 'game over.'"

Gameover is a variant of Zeus, which has been around since at least 2005 and has been widely used in botnet rings that attempt to steal banking information.

In 2010, the FBI, working with law enforcement officials in the United Kingdom, Europe and Ukraine, busted a botnet ring that was trying to transfer $220 million out of the United States, in an operation that also involved payments made through the Automated Clearing House. The FBI arrested 39 people, including five in Ukraine suspected of being the ringleaders and several "mules" in the United States who were moving the money.

In the latest scam, recipients get an e-mail purportedly from NACHA, the Fed or FDIC stating either that there is a problem with their bank account or with a recent ACH transaction. The e-mail includes a link to a site where the recipient can supposedly resolve the issue, but "once you're there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information," the FBI said.
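The lure above has a recognizable shape: a message that names NACHA, the Federal Reserve or the FDIC, talks about an account or ACH problem, and carries a link to a domain none of those institutions uses. The script below is an added example written for this edit, not code from the FBI warning or the original article; it checks two constructed sample messages for that shape. The domains it treats as legitimate (nacha.org, federalreserve.gov, fdic.gov) are an assumption for illustration and should be confirmed against the institutions themselves before the rule is used anywhere real.

```python
"""Flag e-mails that match the Gameover lure: a message claiming to come from NACHA,
the Federal Reserve or the FDIC about an account or ACH problem, with a link whose
domain is not one the institution uses.  Added example, not from the FBI warning
or the original article; the legitimate domains are assumptions for illustration."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Institution -> (keywords a lure uses to name it, domains assumed legitimate for it)
INSTITUTIONS = {
    "NACHA": (("nacha", "automated clearing house"), {"nacha.org"}),
    "Federal Reserve": (("federal reserve",), {"federalreserve.gov"}),
    "FDIC": (("fdic", "federal deposit insurance"), {"fdic.gov"}),
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
LURE_RE = re.compile(r"\bach\b|problem with your (bank )?account")


class _HrefCollector(HTMLParser):
    """Collect href targets of <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def _domain(host_or_addr):
    """Reduce a hostname or e-mail address to its last two labels (enough for this check)."""
    host = host_or_addr.lower().rsplit("@", 1)[-1].split(":")[0]
    return ".".join(host.split(".")[-2:])


def _text_parts(msg):
    return [p.get_content() for p in msg.walk()
            if p.get_content_type() in ("text/plain", "text/html")]


def extract_links(msg):
    """Return the unique URLs in the message body, from <a href> and bare URLs."""
    links = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = _HrefCollector()
            collector.feed(part.get_content())
            links.extend(collector.hrefs)
        if ctype in ("text/plain", "text/html"):
            links.extend(URL_RE.findall(part.get_content()))
    return list(dict.fromkeys(links))


def analyze(raw):
    """Return a list of findings for a raw RFC 822 message; empty means nothing matched."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    haystack = " ".join([display, addr, str(msg.get("Subject", "")), *_text_parts(msg)]).lower()

    claimed = [name for name, (keywords, _) in INSTITUTIONS.items()
               if any(k in haystack for k in keywords)]
    if not claimed:
        return []                     # does not pretend to be one of the institutions
    legit = set().union(*(INSTITUTIONS[name][1] for name in claimed))

    findings = []
    sender_domain = _domain(addr) if addr else ""
    if sender_domain not in legit:
        findings.append(f"claims {', '.join(claimed)} but sent from {sender_domain or 'unknown'}")
    for link in extract_links(msg):
        host = urlparse(link).hostname
        if host and _domain(host) not in legit:
            findings.append(f"link to non-institution domain: {host}")
    if LURE_RE.search(haystack):
        findings.append("lure wording: account or ACH problem")
    return findings


def is_lure(raw):
    """True when the message impersonates an institution AND its sender or a link is off-domain."""
    return any(f.startswith(("claims", "link")) for f in analyze(raw))


# Constructed sample messages (not real mail).
LURE = """\
From: "NACHA - The Electronic Payments Association" <info@nacha-notify.example>
To: victim@example.com
Subject: Your ACH transaction has been rejected
Content-Type: text/html; charset="utf-8"

<html><body>Your recent ACH transaction could not be processed.
Review the report at <a href="http://ach-report.example/report.php">this link</a>.</body></html>
"""

LEGIT = """\
From: NACHA <newsletter@nacha.org>
To: member@example.com
Subject: NACHA member newsletter
Content-Type: text/plain; charset="utf-8"

This month's newsletter is at https://www.nacha.org/news
"""

if __name__ == "__main__":
    for label, sample in (("LURE", LURE), ("LEGIT", LEGIT)):
        print(label, is_lure(sample), analyze(sample))
```

The verdict in `is_lure` deliberately requires an off-domain sender or link, not just the wording: a genuine NACHA mailing that happens to mention an account would otherwise be flagged. Sender-domain matching on the From header alone is weak against full header spoofing; in a real mail gateway the same check would be paired with SPF/DKIM results.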

With account information in hand, the attackers use a botnet to launch a distributed denial-of-service attack against the financial institution, denying access to legitimate users and most likely covering up their own thefts, the FBI said.

The mules help launder the money, sometimes by using the stolen funds to buy precious stones and expensive watches, which can then be resold for cash. And although some of the mules are in on the money laundering scheme, an increasing number are unwitting participants lured in by "work at home" advertisements, the FBI said.

Members of the crime ring e-mail people, saying they saw the person's résumé on a job website, and offer what appears to be a legitimate job, complete with a contract and websites to log into, the FBI said. The new "employees" then either open a new bank account or use their own account to receive funds and send them overseas.

The FBI is asking anyone who thinks they've been targeted by the scheme to contact their bank and file a complaint with the FBI's Internet Crime Complaint Center.

Meanwhile, the FBI offers three tips for protecting yourself against the Gameover scam and others like it:

1. Be sure your computer's anti-virus software is up to date.

2. Don't click on links or open attachments in e-mail from unsolicited senders. NACHA, FDIC, and the Federal Reserve all say they don't send unsolicited e-mails to bank account holders. If you want to confirm whether there's a problem with your account or one of your recent transactions, contact your financial institution directly.

3. Don't accept unsolicited jobs online that require you to receive funds from numerous bank accounts and then wire the money to overseas accounts — you could get caught up in a criminal investigation.

About the Author

Kevin McCaney is the managing editor of Government Computer News.