Article

Zeus spoofs Visa, MasterCard security programs

SearchFinancialSecurity.com Staff

The Zeus Trojan is using a new tactic to fool users by exploiting the Verified by Visa and MasterCard SecureCode security programs, researchers at online security provider Trusteer Inc.

    Requires Free Membership to View

said.

When users of machines infected with Zeus start up an online banking session, the bank Trojan injects a fake enrollment screen for one of the security programs and prompts users to input their Social Security number, credit or debit card number, expiration date, and PIN or CSV code, according to New York-based Trusteer.

In the scheme, users are told that new FDIC rules require that they enroll in the Verified by Visa/MasterCard SecureCode program to protect their accounts.

Criminals use the data collected by Zeus to commit fraudulent transactions with retailers that use the payment card security programs, Trusteer said. The company, which supplies a browser security plug-in, discovered the new Zeus scheme through its Flashlight computer forensic service.

The Zeus Trojan, also called Zbot, has been used extensively by criminals in online banking heists, mostly against small and midsize businesses, nonprofits and municipalities.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: