Zeus Trojan returns: Facebook being used to spread the infection

By on June 5, 2013, 8:00 AM

The infamous Zeus malware has once again resurfaced, but this time it’s using Facebook to further its crime spree. First detected in 2007, Zeus has infected millions of computers over the past six years. Despite the efforts of numerous security firms to combat the Trojan horse, it has only gotten stronger with age.

Following the initial infection, the virus lies dormant until an online banking site is opened. It then uses keyloggers to steal the unsuspecting victim’s usernames and passwords. Sometimes the Zeus malware goes even further - it replicates the bank's website, using a fake interface to obtain social security numbers, credit card digits, and other sensitive information. Eurograbber, a Trojan that employs methods similar to those of Zeus, reportedly stole $46.5 million from European users.

It is for this reason that Zeus is so effective. Even when your bank account is fully drained, the malware continues to search for any tidbits of data that can be sold on the black market. And unlike most malicious software, there are few to no warning signs - the computer will continue to operate normally, as an outright crash was never the intent.

Eric Feinberg, the founder of Fans Against Kounterfeit Enterprise (FAKE), believes that bogus Facebook pages are now being used to spread the malware. One such page was called “Bring the N.F.L to Los Angeles.” After asking a security team to analyze the shady links that were posted throughout the group, Feinberg's theories were proven to be correct.

The big concern is how little Facebook is doing to combat the threat. In response to Feinberg’s outreach to the social media giant, Facebook suggested that users should take matters into their own hands by signing up for scanners that can identify and remove the Trojan. According to The New York Times, Feinberg added, “They’re not listening. We need oversight on this.”

User Comments: 17

cliffordcooley, TechSpot Paladin, said:

The big concern is how little Facebook is doing to combat the threat.
This says it all in one sentence. It is easy to see kickbacks in Facebook's wallet. This is my only question, "Who is paying them to remain neutral?". Is it those who would infect or those who would disinfect?

Guest said:

So, how do you get the virus?

Guest said:

It's airborne

cliffordcooley, TechSpot Paladin, said:

So, how do you get the virus?

I think the article mentioned links on specific Facebook pages leading to where the virus is found.

Skidmarksdeluxe said:

So in other words, Facebook are in cahoots with these malware distributors.

1 person liked this | Tygerstrike said:

I highly doubt FB has anything to actually do with this trojan. To think otherwise is simply silly. However, given the SIZE of FB I can see why they are having trouble narrowing in on it. There's too many accounts. Too many fake accounts. It would be a simple matter for a hacker to just create a new profile, put the virus out there, then delete it and start another. The sad part about this malware is it relies on people's need to be lazy. Much as online shopping has done. I have never and will never check my bank account, that I have to live on, on a computer or smartphone. It's a risk simply having that information on those devices. Let alone using that device for any banking transactions. I would suggest to FB users that you use FB on a computer that doesn't have ANY banking use done on it. At least this way the damage can be minimized until a solution to this malware can be found.

MilwaukeeMike said:

Zeus is not your typical malware... it's actually something that helps criminals build their own malware. I don't know much about it, but it sounds like a sort of malware framework complete with an online community to help you get your viruses working. This is why it's been around since 2007... it's not a single virus, it's a starting point to new ones.

Littleczr said:

Can't wait to get my degree.

1 person liked this | Tanstar said:

A nice addition to the article would've been to list some Anti-malware programs that can locate the trojan on your computer.

Guest said:

As the owner of a retail computer repair business, I can assure you all that the current state of anti-virus protection can NOT prevent this infection. FB's advice to use an AV to stop this type of infection is nothing more than their attempt to dodge responsibility for their inability to stop scammers from using FB.

TS-56336 said:

Nothing new about compromised links on FB. It has always been a hazard, definitely not worth it.

1 person liked this | treetops said:

A nice addition to the article would've been to list some Anti-malware programs that can locate the trojan on your computer.

Yeah I was wondering the same thing.

JA Logan said:

The problem is that Zeus is polymorphic. It changes itself to avoid detection.

Night Hacker said:

It's not a VIRUS... it's a TROJAN, there is a difference. There are some basic rules I follow when on Facebook. Do not click any links that lead to external websites. You do not NEED to "LIKE" every page out there. I never play games or use any other Facebook apps (I block ALL of them).

Far too often I see people click these links that are so obviously faked, yet they click them anyhow, then enter information on the website. It's no different than any other website.

1 person liked this | MannerMauler said:

Try Malwarebytes, it's updated every day

TJGeezer said:

Seems to me FB is between a rock and a hard place here. They could screen out or put barriers up against those who post malware links but that degree of oversight would bring down the wrath of privacy advocates. Lots of potential here for FB to overreach the fuzzy boundaries of what's proper. And since they couldn't be 100% effective anyway, what legal repercussions might follow from the links they didn't catch, once they start trying to safeguard their users? If FB jumped into this one, it could turn into a real tangle. Better maybe for users to exercise reasonable caution. Or avoid FB entirely.

Tanstar said:

Try Malwarebytes, it's updated every day

Yeah, I run it every so often on my rig (and did so just after reading this article), but mentioning it and other anti-malware programs would be a nice addition to this article. That way I can post it to Facebook and my non-tech friends can get something useful from it instead of just scaring them.
