It is like the plot of a Hollywood movie, only the bad guys are definitely winning so far. Earlier this week, the internet security group M86 uncovered a Trojan virus targeting an unnamed financial institution in the UK. The “Zeus Trojan” has already siphoned off over $1 million from over 3,000 British customers between July 5 and August 4, and it shows no signs of stopping.
The thefts were discovered after M86 gained access to the command-and-control server in the Eastern Europe country of Moldova. As for the money, M86 could not give an exact location for where it was going, other than to suggest that it was heading into the former Soviet states- which likely meant that the money was going to the Russian mafia, or another Eastern European gang.
“We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is.” M86 said in a security report released on Tuesday.
The Zeus Trojan, also known as Zbot has infected more than 37,000 computers in the UK through a drive-by download. Users visiting a compromised site would unknowingly receive the virus as a cookie, hidden as part of a legitimate ad on potentially any website.
Once the virus is on the computer, it waits until the user goes to their bank’s website — it is only one specific bank that has yet to be named as the investigation is ongoing — and then it intercepts password information before it can be encrypted. Once the trojan has access to the account, it checks to make sure that there is at least £800 available, then it begins to transfer anywhere up to £5,000 to various bank accounts. Once the transfer is complete, the virus then creates a false electronic statement to conceal the missing funds.
Most, if not all, of the victims will have their money reimbursed by the bank.
“In the vast majority of cases, if people had kept their computer’s operating systems and software such as Internet Explorer up to date they would not have been attacked,” Ed Rowley, product manager at M86 said, according to the Daily Mail.
“More often than not Trojans exploit known vulnerabilities that can be simply patched and fixed by downloading updates.”
Earlier this month, the UK based security group, Trusteer warned that more than 100,000 computers may have been infected with the Zeus Trojan, meaning that this is far from over.
