The Zeus Trojan is using a new tactic to fool users by exploiting the Verified by Visa and MasterCard SecureCode security programs, researchers at online security provider Trusteer Inc.
When users of machines infected with Zeus start up an online banking session, the bank Trojan injects a fake enrollment screen for one of the security programs and prompts users to input their Social Security number, credit or debit card number, expiration date, and PIN or CSV code, according to New York-based Trusteer.
In the scheme, users are told that new FDIC rules require that they enroll in the Verified by Visa/MasterCard SecureCode program to protect their accounts.
Criminals use the data collected by Zeus to commit fraudulent transactions with retailers that use the payment card security programs, Trusteer said. The company, which supplies a browser security plug-in, discovered the new Zeus scheme through its Flashlight computer forensic service.
The Zeus Trojan, also called Zbot, has been used extensively by criminals in online banking heists, mostly against small and midsize businesses, nonprofits and municipalities.