BreachExchange mailing list archives

Zeus returns: FBI warns of 'Gameover' ID-theft malware


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 10 Jan 2012 03:52:54 -0500

http://www.zdnet.com/blog/security/zeus-returns-fbi-warns-of-gameover-id-theft-malware/10002

Summary: The newest strain of the notorious Zeus malware family is
capable of defeating common methods of user authentication employed by
financial institutions.

A new variant of the notorious Zeus identity-theft Trojan is making
the rounds and the Federal Bureau of Investigation (FBI) says it is
capable of defeating common methods of user authentication employed by
financial institutions.

The latest strain of the ID-theft malware, called Gameover, begins as
a phishing scheme with spam e-mails — purportedly from the National
Automated Clearing House Association (NACHA), the Federal Reserve
Bank, or the Federal Deposit Insurance Corporation (FDIC) — that leads
to malware infection and eventual access to the victim’s bank account.

From the FBI warning:

The malware is appropriately called “Gameover” because once it’s on
your computer, it can steal usernames and passwords and defeat common
methods of user authentication employed by financial institutions. And
once the crooks get into your bank account, it’s definitely “game
over.”

Gameover is a newer variant of the Zeus malware, which was created
several years ago and specifically targeted banking information.

The FBI said the phishing lures typically include a link in the
e-mail that goes to a phony website. “Once you’re there, you
inadvertently download the Gameover malware, which promptly infects
your computer and steals your banking information,” it warned.

The FBI said recent investigations have shown that some of the funds
stolen from bank accounts go towards the purchase of precious stones
and expensive watches from high-end jewelry stores.

The criminals contact these jewelry stores, tell them what they’d like
to buy, and promise they will wire the money the next day. So the next
day, a person involved in the money laundering aspect of the
crime—called a “money mule”—comes into the store to pick up the
merchandise. After verifying that the money is in the store’s account,
the jewelry is turned over to the mule, who then gives the items to
the organizers of the scheme or converts them for cash and uses money
transfer services to launder the funds.

Here’s a good look at how the scheme works:

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list
