Zeus Botnet Targets Holiday Shoppers

As holiday shoppers take advantage of the convenience of online shopping, a Zeus botnet is targeting credit-card account holders who shop at several major U.S. retailers, including Macy's and Nordstrom.

Researchers with security firm Trusteer captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud, says Amit Klein of Trusteer in a blog post. The attack is using a Zeus 2.1.0.8 botnet, which is the latest and most sophisticated version of the Zeus malware platform, according to Klein.

CNP fraud takes place in transactions where a credit card is not physically present at the point of sale, as in an Internet, mail, or phone purchase. This particular attack relies on social engineering: after an infected user logs on to one of the targeted retailers' card services websites, the botnet causes a man-in-the-middle-style pop-up that says: "In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue."

In the pop-up window, the user is asked to enter several pieces of sensitive information, such as Social Security number and mother's maiden name.

"Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective," Klein said.

A recent report from security firm PhoneFactor found that Zeus-like attacks pose the greatest threat to online banking today. The survey asked approximately 70 financial services professionals about the threats currently facing online banking, what banks are doing to protect their customers, and perceptions about the role security plays in customer loyalty. More than half of respondents, 51 percent, said real-time attacks from online banking trojans such as Zeus were the most pressing threat they face. Password phishing and pharming were a distant second, with 24 percent of respondents indicating password attacks are the greatest threat to online banking.
