Zeus Trojan steals $1 million from U.K. bank accounts

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://news.cnet.com/8301-27080_3-20013246-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 10, 2010

Consumers and businesses in Great Britain have lost more than $1 million 
so far this summer from a Trojan that is infecting their computers, 
prompting them to log into their bank accounts, and then is 
surreptitiously transferring money to scammers in other countries, 
security researchers said on Tuesday.

About 3,000 bank accounts were found to be compromised at one financial 
institution, which was not identified, according to a white paper released 
by M86 Security.

The multilevel scheme uses a combination of a new version of the Zeus 
keylogger and password stealer Trojan, which targets Windows-based 
computers and runs on major browsers, and exploit toolkits to get around 
anti-fraud systems used at bank Web sites, the report found.

Bank sites that offer two-factor authentication, such as one-time 
passcodes and ID tokens, are ineffective because the malware has taken 
over the browser after the victim has logged into the banking site, 
Bradley Anstis, vice president of technology strategy at M86 Security, 
told CNET.

[...]


Also:

http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=226600381
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php