Trusteer Press Release
NEW YORK, July 14, 2010 –Trusteer, the leading provider of secure browsing services, today announced that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs. After users have initiated a secure online banking session, the Zeus Trojan injects into the browser a facsimile of the familiar Verified by Visa and MasterCard SecureCode enrollment screen. It then prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code. For a sample of the fake enrollment screen, see: http://www.trusteer.com/sites/default/files/ZeusVisaMastercardFraud.jpg
The information gathered by Zeus is used by fraudsters to commit ‘card not present’ transactions with retailers that employ Verified by Visa and SecureCode protection. This stolen data allows criminals to impersonate their victims and register with these programs to ensure fraudulent transactions elude fraud detection systems.
Anti malware detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK Trusteer found that the majority of Zeus infections occur on antivirus protected machines. Specifically, Trusteer found that among Zeus infected machines 55% had up-to-date Antivirus protection installed. The population of machines infected with Zeus is enormous — one in every 100 computers according to Trusteer research.
http://www.trusteer.com/company/press/trusteer-warns-financial-malware-attacking-leading-us-banks-using-visa-and-mastercard-
Some Zeus history, Brian Krebs Blog: http://krebsonsecurity.com/?s=Zeus&x=0&y=0
