TechSpot

Zeus3 Trojan quietly steals $1m from bank accounts

By Matthew
Aug 12, 2010
Post New Reply
  1. What about the love :(
     
  2. Some one watched Office Space too many times.
     
  3. "(Lengthy speech) ...And most of all: hate yourself for being unaware of how to protect your computer and the info on it, from abuse by others."

    Yes, when a burglar breaks into and trashes my home, I really hate myself for not having turned it into Fort Knox... not!

    No, actually, I hate the burglar, and in this case, just as justifiably, I hate the hackers, and I also hate you for making pathetic immature excuses for the lowlife creeps who make it necessary for me to waste so much of my time and energy on unproductive security concerns.
     
  4. Rick

    Rick TechSpot Staff Posts: 6,305   +52 Staff Member

    Raybay, why do you believe this can't be done? I'll be the first to admit that I'm always skeptical of these stories because they often reek of sensationalized oversimplification... But there's plenty of proof this legitimate: http://news.cnet.com/8301-27080_3-20013246-245.html

    Once you've rooted a computer, pretty much anything is possible. Even trusted, secure connections can't be "trusted" anymore because the computer you're using itself is not trustworthy.

    Programmatically farming usernames/passwords and site they are used on from most browsers is probably a pretty simple thing. In Firefox, you can view your saved passwords in plain text and there are various utilities to 'view' your passwords with other browsers like IE. This is all very much a reminder NOT to have your browser save your password.

    Even a keylogger would be good enough if a pair of human eyes. Maybe the bank transfers themselves happen by hand, but the information collected is done programmatically.

    There are plenty of ways to manipulate browsers and inject/replace HTML. Swapping out customer's real balances can be just a matter of getting a simple add-on/plugin/extension installed outside of your browser. You'd need to be familiar with banking websites, but how hard is that? Even if it affects only a handful of the largest banks, you've probably got 90% of everyone who banks online.

    And lastly, your connection simply isn't secure anymore. Banking sites are encrypted end-to-end, but when you control one of those ends, you can expose what's going on to your delight because even at the very least, injecting a MITM is well within your power. Having root means any of the above can be done.

    I see no reason why this can't be done. It contains a few steps and things have to work properly, but that's why this is being touted as a 'sophisticated' virus.
     
  5. techsuitor

    techsuitor TS Rookie Posts: 145

    ohh.. identity theft really scares people
     
  6. What would happen if it shows itself in Kenya
     
  7. techsuitor

    techsuitor TS Rookie Posts: 145

    oh.. Everybody must be careful to what we are doing. :) (still it isn't enough) Need assistance from everyone.
     
  8. what are you talking about card reader? I don't have any card reader attached to my computer. I got news for you all? Not only is anyone vulnerable to this it has happened a couple times to me. Once someone some how got access to my (secure??) bank account and removed $1280.00 luckily they didn't have access to my balance since i had $30,000+/- in my checking account money from a back payment from Veterans Administration. And again someone broke into ebay and accessed my paypal account for $1200.00+/- $1100+ and $256.00. Luckily I got it all back but no one anywhere is safe.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.