Zeus 3 attack steals £675,000 from UK bank
Zeus is back again and has targeted one UK bank, taking £675,000 from user accounts.
Hackers have hit a UK bank with a Zeus version 3 Trojan, compromising around 3,000 customer accounts and taking £675,000 between 5 July and 6 August.
They combined the Zeus malware with exploit toolkits to remain undetected by anti-fraud systems, M86 Security Labs has discovered.
Once the victim's system had been infected and they entered their online banking service, Zeus v3 was able to initiate transfers from user accounts to the criminal masterminds.
Money mules were used to support the operation, as legitimate bank account holders were duped into becoming unsuspecting middlemen, helping transfer funds for the cyber criminals.
Talking about how this attack is unique, Bradley Anstis, vice president of technical strategy for M86 Security, noted it focused on only one, as yet anonymous, financial institution.
"Typically these guys are lazy and they'll go after the low hanging fruit," Anstis told IT PRO.
"The attack is still going on. We've been tracking it since about the end of July, but we can see log files back to the beginning of July so we're not exactly sure when the actual attack started."
It is likely more than £675,000 has been stolen by the hackers, Anstis said.
"You certainly don't need to go bursting through the front door of your bank with a pistol in your hand anymore," he added.
"I think banks maybe need to take their controls to a higher level."
The hackers in this case were highly sophisticated. They used a number of techniques to spread the malware, including the publishing of malicious ads on legitimate websites, or simply infecting such sites.
By using the Eleonore Exploit Kit, the cyber criminals were also able to determine what country an infected user was based in and in this case they targeted UK bankers.
As soon as victims logged into their internet banking service, the Trojan sent the login ID, date of birth and a security number back to the command and control (C&C) server, which was located somewhere in Eastern Europe.
Data placed into the form was then sent to the C&C system rather than the bank and the information was analysed to determine how much money was in the targeted account.
Once the Trojan had been told which money mule was to be used and the illicit transaction was completed, Zeus v3 continued to listen to the bank response and report back to the C&C system.
The development comes hot on the heels of a Zeus version 2 botnet being uncovered, controlling over 100,000 computers.