Cybercriminals Using Zeus Botnet to Steal Charles Schwab Investment Accounts
Derek Manky, Project Manager for Cybersecurity and Threat Research at Sunnyvale, California-based Fortinet, said on October 15, 2010 that cybercrooks are exploiting the Zeus botnet to target investment accounts at Charles Schwab (a provider of investment services), as reported by COMPUTERWORLD on October 16, 2010.
Manky further stated that cybercriminals are continually expanding their horizons. He added that they had noticed some discussions of investment accounts being attacked by the Zeus botnet, but they never got any evidence regarding that.
According to the reports, the Zeus infection came via a message that pretended to be a LinkedIn reminder but actually contained malicious links leading to poisoned websites. These websites then attack the Windows system with various drive-by exploits until they find one that works. Among the flaws exploited was a Windows Help & Support Center bug that was revealed in June 2010 by a Google security engineer and fixed by Microsoft in July 2010.
After compromising a machine, the Zeus botnet secretly steals login credentials such as the password, username or any other private information for the Schwab account. The attack code also includes a fake form that asks users to furnish more information, so that the crooks can verify whether they are genuine users of the Schwab investment account. The form includes fields such as the user's driving license number, employer or mother's maiden name.
According to Manky, the criminals use the form to collect extra verification information so that they can easily get past any confirmation doubts after they conduct online transactions with the stolen login credentials.
According to Manky, the Zeus group, like all other groups, siphons money and then transfers the funds to the masterminds behind the money transfer organization. Once the crooks gain access to the investment accounts, they not only withdraw the cash but also sell securities to make more cash.
Commenting on Zeus, security experts said that although police in the U.S., the U.K., and Ukraine recently arrested over 100 members of a Zeus crimeware group, the attackers were adding lucrative investment accounts to their primary target, Internet banking. Experts cautioned that the arrests alone would not halt the botnet, because other crimeware groups may easily move into the space.
» SPAMfighter News - 27-10-2010