Zeus Trojan is one of the most popular families of Banking Trojan, which was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab sensitive business data from that customer's CRM instance.
‘GameOver’ Banking Trojan is also a variant of Zeus financial malware that spreads via phishing emails. GameOver Zeus Trojan makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site.
TAREGET - EMPLOYMENT WEBSITES
Now, a new variant of GameOver Zeus Trojan has been spotted, targeting users of popular employment websites with social engineering attacks, implemented to fetch additional private information about the victims, that could be used for bypassing multi-factor authentication mechanisms on other websites or services.
The new variant has the capabilities to use complex web injections and perform Man-In-The-Browser (MITB) attack, which means it has caliber to infect a web browser to modify web pages, modify web contents or can insert addition contents, all in a completely covert fashion invisible to both the user and web host, even when other authentication factor solutions are in use.
Initially the new variant of the GameOver Zeus Trojan targeted ‘CareerBuilder.com’, which is the largest employment website in the US, but now the researchers at F-Secure came across the same variant targeting one of the world largest employment website, ‘Monster.com’.
MONSTER vs ZEUS
The victims are served with the fake login page which looks similar to the same legitimate page (hiring.monster.com) of the website. Once the victim login, they are directed to the web page injected by the malware.
The web page serves 18 different security questions to choose from, that are nothing but all the common security questions which the various websites ask; from mailing websites to financial ones. The list of which are given below:
• In what City / Town does your nearest sibling live?
• In what City / Town was your first job?
• In what city did you meet your spouse/significant other?
• In what city or town did your mother and father meet?
• What are the last 5 digits / letters of your driver\'s license number?
• What is the first name of the boy or girl that you first dated?
• What is the first name of your first supervisor?
• What is the name of the first school you attended?
• What is the name of the school that you attended aged 14-16?
• What is the name of the street that you grew up on?
• What is the name of your favorite childhood friend?
• What is the street number of the first house you remember living in?
• What is your oldest sibling\'s birthday month and year? (e.g., January 1900)
• What is your youngest sibling\'s birthday?
• What month and day is your anniversary? (e.g January 2)
• What was the city where you were married?
• What was the first musical concert that you attended?
• What was your favorite activity in school?
The researchers warned the HR Recruiters with the website accounts to be on the lookout for any such irregularities.
“If the account is potentially tied to a bank account and a spending budget … it's a target for banking Trojans,” said the researchers.
Also in 2012, the FBI warned us about the ‘GameOver’ banking Trojan, but attackers are now bypassing every traditional security measures making Zeus more sophisticated piece of malware and putting Zeus to use it against various popular and big targets.
About the author