BreachExchange mailing list archives
Zeus Trojan steals $1 million from U.K. bank accounts
From: security curmudgeon <jericho () attrition org>
Date: Wed, 11 Aug 2010 01:27:38 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://news.cnet.com/8301-27080_3-20013246-245.html By Elinor Mills InSecurity Complex CNet News August 10, 2010 Consumers and businesses in Great Britain have lost more than $1 million so far this summer from a Trojan that is infecting their computers, prompting them to log into their bank accounts, and then is surreptitiously transferring money to scammers in other countries, security researchers said on Tuesday. About 3,000 bank accounts were found to be compromised at one financial institution, which was not identified, according to a white paper released by M86 Security. The multilevel scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers and runs on major browsers, and exploit toolkits to get around anti-fraud systems used at bank Web sites, the report found. Bank sites that offer two-factor authentication, such as one-time passcodes and ID tokens, are ineffective because the malware has taken over the browser after the victim has logged into the banking site, Bradley Anstis, vice president of technology strategy at M86 Security, told CNET. [...] Also: http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=226600381 _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Zeus Trojan steals $1 million from U.K. bank accounts security curmudgeon (Aug 12)