Zeus Trojan Variant Targeting Banks

The FBI is warning about a new variant of the Zeus Trojan that could allow hackers to access bank accounts by way of malicious e-mail.

The unsolicited e-mails seem to come from the National Automated Clearing House Association, the Federal Reserve Bank or the Federal Deposit Insurance Corporation, the FBI says in its warning. Clicking on a link in the e-mail sends the recipient to a website where the malware is downloaded.

"The malware is appropriately called 'Gameover' because once it's on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions," the FBI said. "And once the crooks get into your bank account, it's definitely 'game over.'"

Gameover is a variant of Zeus, which has been around since at least 2005 and has been widely used in botnet rings that attempt to steal banking information.

In 2010, the FBI, working with law enforcement officials in the United Kingdom, Europe and Ukraine, busted a botnet ring that was trying to transfer $220 million from the United States, in an operation that also involved payments made through the Automated Clearing House. The FBI arrested 39 people, including five in Ukraine suspected of being the ringleaders and several "mules" in the United States who were moving the money.

In the latest scam, recipients get an e-mail purporting to be from NACHA, the Fed or FDIC stating that there is a problem with either their bank account or a recent ACH transaction. The e-mail includes a link to a site where the recipient purportedly can resolve the issue, but "once you're there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information," the FBI said.

With account information in hand, the attackers use a botnet to launch a distributed denial-of-service attack on a financial institution to deny access to legitimate users and most likely to cover up their own thefts, the FBI said.

The mules help launder the money, sometimes by using the stolen funds to buy precious stones and expensive watches, which can then be resold for cash. And although some of the mules are in on the money laundering scheme, an increasing number are unwitting participants lured in by "work at home" advertisements, the FBI said.

Members of the crime ring e-mail people, saying they saw their résumé on a job website, and offer them what appears to be a legitimate job, with a contract and websites to log into, the FBI said. The new "employees" then either open a new bank account or use their own account to receive funds and send them overseas.

The FBI is asking anyone who thinks they've been targeted by the scheme to contact their bank and file a complaint with the FBI's Internet Crime Complaint Center.

Meanwhile, the FBI offers three tips for protecting yourself against the Gameover scam and others like it:

1. Be sure your computer's anti-virus software is up to date.

2. Don't click on e-mail attachments from unsolicited senders. NACHA, FDIC, and the Federal Reserve all say they don't send out unsolicited e-mails to bank account holders. If you want to confirm there's a problem with your account or one of your recent transactions, contact your financial institution directly.

3. Don't accept unsolicited jobs online that require you to receive funds from numerous bank accounts and then wire the money to overseas accounts — you could get caught up in a criminal investigation.

About the Author

Kevin McCaney is the managing editor of Government Computer News.

