Members
  • Total Members: 12809
  • Latest: Dorel
Stats
  • Total Posts: 28477
  • Total Topics: 8238
  • Online Today: 797
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Zeus Malware atack on holiday shoppers (Macys, Nordstrom, Trusteer, PhoneFactor)  (Read 1967 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


As holiday shoppers take advantage of the convenience of online shopping, a Zeus botnet is targeting credit-card account holders who shop several major U.S. retailers including Macys and Nordstrom.

Researchers with security firm Trusteer captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud, says Amit Klein of Trusteer in a blog post: http://www.trusteer.com/blog/just-time-holidays-%E2%80%93-zeus-targets-major-us-retailers
The attack is using a Zeus 2.1.0.8 botnet, which is the latest and most sophisticated version of the Zeus malware platform, according to Klein.

CNP fraud takes place in transactions when a credit card is not physically present at the point of sale, as in an Internet, mail, or phone purchase. In this particular attack, social engineering is used after an infected user logs onto one of the targeted retailer's card services website and the botnet causes a man-in-the-middle-style pop up that says: "In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue."

In the pop-up window, the user is asked to enter several pieces of sensitive information, such social security number and mother's maiden name.

"Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective," Klein said.

A recent report from security firm PhoneFactor found Zeus-like attacks pose the greatest threat to online banking today: http://media.scmagazineus.com/documents/20/onlinebankingsecuritysurvey201_4778.pdf
The surveyed asked approximately 70 financial services professionals about the threats currently facing online banking, what banks are doing to protect their customers and perceptions about the role security plays in customer loyalty. More than half, 51 percent, of respondents said real-time attacks from online banking trojans such as Zeus were the most pressing threat they face. Password phishing and pharming were a distant second with 24 percent of respondents indicating password attacks are the greatest threat to online banking.

(PCW)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising