ZeuS, one of the master crimeware tools used by hackers comes in thousands of variants. Recently, Security researchers have revealed that hackers have redesigned ZeuS Trojan to attack bank accounts of companies and business entrepreneurs. The latest revelation comes after a study by Internet security researchers at Idappcom. ZeuS has been used to capture financial information in the past. The strategy reflects the continuous endeavor of hackers to launch new and sophisticated attacks. The strategy works on the principle that corporate bank accounts are likely to have more funds An investigation by Federal Bureau of Investigation has revealed that corporates in U.S have suffered losses of around 70 million dollars as a result of ZeuS Trojan attack. The funds are transferred to illegal money mule accounts of criminals.
Therefore, corporates using online bank accounts face fresh financial and information security challenges.
An attacker can use ZeuS Trojan to build customized botnets and steal privileged information. Internet users may inadvertently execute ZeuS Trojan by clicking on a seemingly reliable, but malicious link purportedly coming from a trusted source. On infecting a computer system, the Trojan implants itself into the target system’s web browser. When a corporate banking customer opens a trusted online banking site and enters the login details, the Trojan captures the information entered. The Trojan can distort the webpage of a trusted site to capture the confidential information. The captured information can be used by attackers to pilfer corporate bank accounts.
The revelation follows an earlier attack that targeted members of LinkedIn professional networking site through Bugat malware. As corporate banking accounts are likely to have frequent high value transactions, a ZeuS Trojan may not only have financial implications for a business, but also result in disruption of business activities.
Corporate and personal bank account holders must exercise caution while using Internet and online banking facility to ensure information security. ZeuS attacks can be avoided by adhering to simple precautions such as directly typing the web address on the web browser to access a site, ignoring requests from unknown persons, deleting e-mails from anonymous or unknown persons, de-activating auto-play option, restricting incoming Internet connections and by logging into the computer with user privileges, rather than administrative privileges.