Bank Trojan Takes Aim at Firefox Users

The world's most feared banking Trojan, Zeus, is going after Mozilla Firefox users for the first time, security company Trusteer has reported.

Also known as Zbot, Zeus is designed to steal banking logins from its victims using sophisticated web form spoofing as well as keyloggging. It has previously steered towards Internet explorer thanks to security layers built into Firefox.

According to Trusteer, version 2.0 of the Zeus Trojan has cracked Firefox security, and real examples targeting the browser are now being seen at a rate of one in 3,000 PCs scanned by the company's Rapport service.

Trusteer describes this as a 'unprecedented rate of distribution', which is probably not an unfair characterisation given the malware's known tendency to deliberately under-infect available victims as a way of staying out of the detection range of honeypots. Variants of Zeus also have a history of evading many antivirus scanners when they first appear."We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," said Trusteer's CTO, Amit Klein.

The company's Flashlight and Rapport services detect the latest version of Zeus, however, and the company recently developed a hardened version of Mozilla for UK bank HSBC specifically to counter the threat of advanced banking Trojans such as Zeus.

Although the plug-in should offer some protection against banking Trojans such as Zeus, it is designed to be used tied to a specific bank's site using encryption, a technique that would stymie html injection attacks.

Subscribe to the Security Watch Newsletter

Comments