$1 Million Stolen from UK Bank Accounts by New Zeus Trojan
Researchers at M86 Security have disclosed about another botnet built on the Zeus Trojan named Zeus v3 which means swiping bank information from unnamed financial accounts in the UK. This ongoing attack is known to have stolen £675,000 or nearly $1.1 Million from customers during July 5, 2010 - August 4, 2010.
Security firm M86 has elaborated that in addition to the usage of Zeus v3 Trojan, cyber criminals are using the Phoenix and Eleonore exploit kits. These kits exploit victims' browsers to inject trojans into their PCs.
The process began with corrupt banner advertisement placed on legal websites. Those users who followed the advertisement would be taken to a corrupt website containing exploit kits. Further, the users would be taken to the exploit kit and their computer systems would become infected, said the security researchers.
Bradley Anstis, Vice President of Technical Strategy for M86, threw light on the latest sophisticated attack. Anstis said that the initial infection where the exploit kit compromised the victim's machine used a number of vulnerabilities listed in the paper by them. One of the vulnerability was an Internet Explorer which affected IE v6 & v7," as reported by news.cnet on August 10, 2010.
However, one of the six or so vulnerabilities which could have been used for the initial infection. The victim machine is tested by the exploit kits for each one so as to get a successful infection.
In another statement, Anstis has concluded that the only way of protecting against such attacks within the browser is to implement real time code analysis technologies which can detect and block malicious commands proactively, reported by computerweekly on August 13, 2010.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 18-08-2010