The infamous Zeus malware has once again resurfaced, but this time it’s using Facebook to further its crime spree. First detected in 2007, Zeus has infected millions of computers over the past six years. Despite the efforts of numerous security firms to combat the Trojan horse, it has only gotten stronger with age.
Following the initial infection, the virus lays dormant until an online banking site is opened. It then uses keyloggers to steal the unsuspecting victim’s usernames and passwords. Sometimes the Zeus malware goes even further - it replicates the bank's website, using a fake interface to obtain social security numbers, credit card digits, and other sensitive information. Eurograbber, a Trojan that employs similar methods to that of Zeus, reportedly stole $46.5 miillion from European users.
It is for this reason that Zeus is so effective. Even when your bank account is fully drained, the malware continues to search for any tidbits of data that can be sold on the black market. And unlike most malicious software, there are little to no warning signs - the computer will continue to operate normally, as an outright crash was never the intent.
Eric Feinberg, the founder of Fans Against Kounterfeit Enterprise (FAKE), believes that bogus Facebook pages are now being used to spread the malware. One such page was called “Bring the N.F.L to Los Angeles.” After asking a security team to analyze the shady links that were posted throughout the group, Feinberg's theories were proven to be correct.
The big concern is how little Facebook is doing to combat the threat. In response to Feinberg’s outreach to the social media giant, Facebook suggested that users should take matters into their own hands by signing up for scanners that can identify and remove the Trojan. According to The New York Times, Feinberg added, “They’re not listening. We need oversight on this.”