Zeus3 Trojan quietly steals $1m from bank accounts

By on August 12, 2010, 3:15 PM
A new version of the Zeus Trojan has surfaced, called Zeus3, and it is reportedly emptying bank accounts across the UK, with the equivalent of over $1 million stolen thus far. According to experts at M86 Security (report in PDF), the malware first appeared early last month and is said to be the most "sophisticated and dangerous threat" the firm has ever seen.

In addition to simply collecting login credentials and bank details, the infection can apparently siphon money from an account. It checks whether an account contains more than £800 and, if it does, the cash is silently funneled to mule accounts. Zeus3 then serves up a fake bank balance to fool unwary users into thinking everything is fine.

"This is an extremely sophisticated version of the virus and it cannot be detected by traditional security software," said an M86 executive. Zeus3 has drained some 3,000 accounts from an unnamed British bank, and it only affects Windows systems. Since most antivirus applications can't detect the Trojan yet, you should keep a close watch on your funds and use unaffected platforms for online banking -- or just hide your money under a mattress until this whole thing blows over.

User Comments: 32

Reloader2 said:

This scares the f**k out of me!

mailpup mailpup said:

I'm not in the UK but that doesn't necessarily make me safer but as it happens I don't bank online anyway. Hurray for analog banking.

Timonius Timonius said:

Governments and authorities of the world better rethink their positions on 'white hat' hackers. The good guys/gals doing stuff for fun can expose weaknesses and vulnerabilities before things get serious if only you didn't treat them like criminals. Perhaps then something like Zeus3 wouldn't even be an issue.

raybay said:

Interesting if true, interesting if not true. Sure think we would have heard a great deal more about it by now if the thefts really worked. Our Security staff works on a lot of financial security issues, and I don't see how anybody could pull this off on a large scale. Think of all the things they would have to do right, Dudley.

Leeky Leeky said:

Very scary, but I think it's only going to affect UK customers who aren't using card readers to log into online banking.

I fail to see how even this trojan could overwhelm the card reader system I have to use for my bank. The codes are never the same, and you physically have to read the chip in the card inside the reader before it will do a thing - I'm somewhat surprised most banks still rely on simple usernames, passwords and stuff that doesn't change...

Another bonus... I wish I had over £800 in my account!

captaincranky captaincranky, TechSpot Addict, said:

Another bonus... I wish I had over £800 in my account!

Believe me, I know the feeling! I comfort myself with the old adage that, "he who steals my purse steals trash"...!

TomSEA TomSEA, TechSpot Chancellor, said:

I absolutely loathe the jerk-offs who create viruses, worms and trojans whether to steal or to mess up your computer. I know the bulk of these are created in Russia or China, but if they are ever able to track down a western hacker who does this - I would have zero problem locking them up for life. After several days of torture, of course.

captaincranky captaincranky, TechSpot Addict, said:

I absolutely loathe the jerk-offs who create viruses, worms and trojans whether to steal or to mess up your computer. I know the bulk of these are created in Russia or China, but if they are ever able to track down a western hacker who does this - I would have zero problem locking them up for life. After several days of torture, of course.
Really, I hear that. Besides, the Russians should stick to porn and online mail order brides. Those girls are HOT!

LinkedKube LinkedKube, TechSpot Project Baby, said:

SWORDFISH?

Guest said:

Malware like Zeus can defeat two-factor authentication. If the host that you use to log into your online bank account is compromised, it doesn't matter how sophisticated your authentication mechanism is.

"Bank sites that offer two-factor authentication, such as one-time passcodes and ID tokens, are ineffective because the malware has taken over the browser after the victim has logged into the banking..."

Excerpted from http://news.cnet.com/8301-27080_3-20013246-245.html

maestromasada said:

Hide your money under the mattress, love that!

motrin said:

first thing next morning i'm taking out my 8 moneys! (joke)

T77 T77 said:

It seems interesting that this trojan can also throw up fake balances in accounts.

LinkedKube LinkedKube, TechSpot Project Baby, said:

I already said "swordfish."

techsuitor techsuitor said:

haha! .. It's really freakin' .. even transactions online are really fast. Hackers can also come to your doors as fast as it. Tokens are not enough.

techsuitor techsuitor said:

Maybe the programmer of the system is the culprit, 'cause he can create a backdoor. But that's only a guess. Don't take it seriously. ..hmm.. but I have a point ,,

LightHeart said:

If you are going to do online financial transactions the best method today is to have a separate physical machine, a live boot cd or at least a VM. Harden that machine; only use it for the financial transactions and keep it turned off when not in use. Do not use your general system (browsing, Office, gaming) for these type of transactions. This will severely limit the likelihood of getting malware.

Someday maybe the banks will come out with a highly secure VM that people can use for online banking.

Of course you could skip online banking in general.

Richy2k9 said:

hello ...

scary indeed, I may not have money in bank, but I use secured banking, i just hope it's enough.

I will work into strengthening my PC for this .. for i know till now it's all my fault / negligence that puts me at stake.

cheers!

Zeromus said:

Whew, good thing I'm not that loaded. Haha!

raybay said:

I still find no evidence that this story is actually true. Anybody have another source.

Guest said:

Don't hate the people creating these trojans. Hate the people that:

- use it for illegal activities

- don't take security seriously

- rather have security issues than one less shiny

- try to social engineer the rest of you into thinking that hackers are the problem

If anything, hackers are part of the fix. The fix being code that is as safe as possible and a fast reaction when it gets pointed out that it isn't.

Microsoft does not care about security. They care about licenses sold and market share. Hate them for creating the platform that makes this all possible to begin with. Something that has been pointed out to them over the last few decades without much result.

Hate the people that rather implement a quickfix instead of a solution.

And most of all: hate yourself for being unaware of how to protect your computer and the info on it, from abuse by others.

As reply to the two-factor authentication stuff: that is only true if AFTER logon, nothing gets checked anymore. I'm not sure how it works over there, but over here you have to repeat that step when you finalize your orders.
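The two Guest comments above make a point worth seeing in code: a one-time passcode at login proves nothing about what the browser sends afterwards, whereas a confirmation step that is recomputed over the final order (amount and beneficiary) cannot be reused for a rewritten transfer. The block below is an added illustration, not code from the article, M86 Security or any bank; it assumes a hypothetical per-customer secret that lives only on an out-of-band device (a card reader or hardware token) and a constructed pair of transfers, and uses a truncated HMAC as the transaction authentication code. Account numbers, amounts and the secret are constructed sample values.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Constructed demo secret: in a real deployment this would be provisioned into
# the customer's card reader or hardware token, never stored on the banking PC.
TOKEN_SECRET = b"constructed-demo-token-secret-not-a-real-key"


@dataclass(frozen=True)
class Transfer:
    """The fields a customer actually confirms on the token display."""
    source_account: str
    destination_account: str
    amount_pence: int
    reference: str


def canonical_bytes(t: Transfer) -> bytes:
    # Sorted keys and no whitespace, so token and bank hash identical bytes.
    return json.dumps(asdict(t), sort_keys=True, separators=(",", ":")).encode()


def sign_transfer(t: Transfer, secret: bytes) -> str:
    """Token side: compute a transaction authentication code (TAC) over the
    amount, destination and reference the customer keyed into the device."""
    mac = hmac.new(secret, canonical_bytes(t), hashlib.sha256).digest()
    # Truncated to a short, typeable code like a card reader would display.
    return mac[:4].hex()


def bank_verifies(t: Transfer, tac: str, secret: bytes) -> bool:
    """Bank side: recompute the TAC over the transfer as it arrived and compare
    in constant time. A transfer altered after confirmation fails the check."""
    expected = sign_transfer(t, secret)
    return hmac.compare_digest(expected, tac)


def demo() -> dict:
    # The transfer the customer confirmed on the out-of-band device.
    confirmed = Transfer("12345678", "87654321", 5000, "rent")
    tac = sign_transfer(confirmed, TOKEN_SECRET)

    # What a compromised browser might submit instead (constructed): a different
    # beneficiary and amount, reusing the code the customer just typed in.
    tampered = Transfer("12345678", "99999999", 80000, "rent")

    return {
        "genuine_accepted": bank_verifies(confirmed, tac, TOKEN_SECRET),
        "tampered_accepted": bank_verifies(tampered, tac, TOKEN_SECRET),
    }


if __name__ == "__main__":
    print(demo())
```

The property that matters is that the secret and the confirmation display are outside the compromised machine: the malware can read or rewrite anything in the browser, but it cannot produce a valid code for a transfer the customer never keyed in. A login-time one-time password gives none of that, because it authorises the session rather than the order.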

bakape said:

and it only affects Windows systems

Always take the road less traveled by, and that would be Linux.

Very unfortunate for the account owners, but I still get a smirk each time Windows is a condition for disaster

Guest said:

I so agree.

Guest said:

"(Lengthy speech) ...And most of all: hate yourself for being unaware of how to protect your computer and the info on it, from abuse by others."

That's a whole lot of hate. If I hated that many people, I'd never have the time to do anything.

Guest said:

What about the love :(

Guest said:

Someone watched Office Space too many times.

Guest said:

"(Lengthy speech) ...And most of all: hate yourself for being unaware of how to protect your computer and the info on it, from abuse by others."

Yes, when a burglar breaks into and trashes my home, I really hate myself for not having turned it into Fort Knox... not!

No, actually, I hate the burglar, and in this case, just as justifiably, I hate the hackers, and I also hate you for making pathetic immature excuses for the lowlife creeps who make it necessary for me to waste so much of my time and energy on unproductive security concerns.

Rick Rick, TechSpot Staff, said:

Raybay, why do you believe this can't be done? I'll be the first to admit that I'm always skeptical of these stories because they often reek of sensationalized oversimplification... But there's plenty of proof this is legitimate: [link]

Once you've rooted a computer, pretty much anything is possible. Even trusted, secure connections can't be "trusted" anymore because the computer you're using itself is not trustworthy.

Programmatically farming usernames/passwords and site they are used on from most browsers is probably a pretty simple thing. In Firefox, you can view your saved passwords in plain text and there are various utilities to 'view' your passwords with other browsers like IE. This is all very much a reminder NOT to have your browser save your password.

Even a keylogger would be good enough if a pair of human eyes. Maybe the bank transfers themselves happen by hand, but the information collected is done programmatically.

There are plenty of ways to manipulate browsers and inject/replace HTML. Swapping out customers' real balances can be just a matter of getting a simple add-on/plugin/extension installed outside of your browser. You'd need to be familiar with banking websites, but how hard is that? Even if it affects only a handful of the largest banks, you've probably got 90% of everyone who banks online.

And lastly, your connection simply isn't secure anymore. Banking sites are encrypted end-to-end, but when you control one of those ends, you can expose what's going on to your delight because even at the very least, injecting a MITM is well within your power. Having root means any of the above can be done.

I see no reason why this can't be done. It contains a few steps and things have to work properly, but that's why this is being touted as a 'sophisticated' virus.

techsuitor techsuitor said:

ohh.. identity theft really scares people

Guest said:

What would happen if it shows itself in Kenya

techsuitor techsuitor said:

oh.. Everybody must be careful to what we are doing. (still it isn't enough) Need assistance from everyone.

Guest said:

What are you talking about, card reader? I don't have any card reader attached to my computer. I got news for you all: not only is anyone vulnerable to this, it has happened a couple times to me. Once someone somehow got access to my (secure??) bank account and removed $1280.00; luckily they didn't have access to my balance, since I had $30,000+/- in my checking account, money from a back payment from Veterans Administration. And again someone broke into ebay and accessed my paypal account for $1200.00+/-, $1100+ and $256.00. Luckily I got it all back, but no one anywhere is safe.
