ZeuS Sample Promises Employment that’s actually of Money-Mule
Trusteer warns that cyber-criminals have unleashed Trojan ZeuS that becomes active when Web-surfers go to careerbuilder[.]com having a program, which diverts them onto one advertisement that actually promotes one mule-hiring website.
The security company detected certain ZeuS variant that was appropriately configured, while a MiTB (man-in-the-browser) assault attempted at diverting end-users onto marketandtarget[.]com that's since inaccessible.
And because the entire thing occurs on the host computer that has been infected, the real website of CareerBuilder has little for doing anything. The ZeuS variant inserts the program code inside the victim's browser, while the user, if tempted accesses marketandtarget[.]com, he'll get invited for sending an application to get hired to a coveted-appearing position which, in fact, is simply one money-mule job in disguise.
A certain example that Trusteer discovered was looking for 'mystery shoppers' i.e. individuals passionately wanting to shop. In this, illegal cash would get deposited inside the mule's bank a/c that he'd spend for purchasing costly as also salable items, which the criminals would subsequently sell in exchange of legal cash.
Career websites similar as CareerBuilder have a high preference among cyber-criminals for aiming attack on, particularly while hiring 'money-mules:' people willingly else unknowingly getting involved in attackers' scam to help them capitalize on stolen funds.
In a blog-post, Etay Maor, Manager of Fraud Prevention Solutions at Trusteer stated that the ZeuS controllers, utilizing CareerBuilder like one base, maximized their targets for possible mules. Unlike presenting fake e-mails or appending data fields, the HTML injection within the current instance strangely attempted at redirecting victimized users onto one bogus employment opportunity. And since the victims were keenly seeking a job, the redirection at that time involving careerbuilder[.]com was more likely towards convincing them that they were indeed presented with a real employment opportunity, Maor explained. Trusteer.com published this dated June 12, 2013.
Meanwhile, since both CareerBuilder website as also any server aren't actually hijacked, therefore, Web-surfers non-contaminated with ZeuS aren't at risk of the scam.
However, it's advisable that users maintain their system software, anti-viruses as well as browser plug-ins patched and up-to-date for protection from the ZeuS or other malware.
» SPAMfighter News - 20-06-2013