Article

Zeus banking Trojan used in attack on UK-based bank

Marcia Savage

Researchers at M86 Security said they uncovered a targeted attack against customers of a large UK-based financial institution that used a new version of the Zeus banking Trojan to compromise

    Requires Free Membership to View

3,000 accounts and steal more than $1 million.

The attack used a combination of Zeus v3 and the Eleanore and Phoenix exploit kits to target and infect the systems of customers of the global financial institution, according to M86 Security Inc., an Orange, Calif.-based provider of Web and email security. The websites used to host the attack were UK-specific, said Bradley Anstis, vice president of technical strategy at M86.

"The Trojan itself is benign until you visit the targeted financial institution, then it comes to life," he said. The malware then checks the account balance, and if it's more than $1000 in U.S. dollars, triggers transactions amounts ranging from $1,500 to $5,000.

Since July 5, the cybercriminals behind the attack have stolen 675,000 pounds ($1,077,000), according to M86, which said the attack continues.

The compromised accounts were a mix of commercial and consumer accounts, Anstis said. The command-and-control server for the attack was based in Eastern Europe.

The Zeus Trojan is known to target certain banks and regions, but the highly targeted nature of this attack -- against a single financial institution -- was unusual, as was its method of checking for a minimum balance, Anstis said.

The case is under investigation by law enforcement, he said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: