Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Zeus Victimizes Cloud Payroll Service

Zeus malware are being employed by cybercriminals for targeting companies using cloud-based payroll services, according to researchers from security firm, Trusteer, as reported in pcworld on April 10, 2012.

According to Amit Klein, the Chief Technology Officer, organizations offering payroll services are highly on cards of cyber crooks, as a large chunk of money can be easily stolen from regular online banking accounts, as per news published in pcworld on April 10, 2012. Actually the Zeus attacks are specifically intended to shift large amount of funds to the criminals avoiding any of the strength control upheld by large businesses.

Of recent, researchers have revealed Zeus configuration targeting Ceridian, a human resource and payroll solutions provider in Canada. The attack is designed to capture a screenshot of the webpage offering payroll services (https://clients.powerpay.ca/powerpay/Logon*) from an infected system of a user. As a result of this attack, the user id, password, company number, and even the icon selected by the user for image-based authentication are being confiscated. Financial losses in this implant are anticipated to be quite substantial.

Earlier, in 2011, cybercriminals employed a similar method to steal an amount worth US$ 217,000 from Omaha, US-based Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization. According to published reports, the victimized was robbed off his credentials from the organization's payroll system.

Security experts signaled towards accessing cloud services that are less secured and more vulnerable towards a financial malware attack and used for the unmanaged devices.

Unfortunately, security mechanisms employed in traditional antivirus security mechanisms are incapable to secure corporate users from the Zeus attack. These kinds of attacks demand the employment of targeted investigation together with signature detection evasion for acquiring a foothold inside the systems of organizations.

However, over the last few years, crimeware kits including Zeus, SpyEye, and Eleonore have been offering uncountable updates, which signaled a sudden increase in the types of online services that are targeted by the malware. Botnet operators have also been using malwares for infiltrating into the payroll departments of various businesses. Zeus malware attack on Ceridian is a part of this malware scheme.

Related article: Zeus Trojan Stole Huge Amount of Information

ยป SPAMfighter News - 20-04-2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next