Zeus Trojan raids 3,000 UK bank accounts

Banks and antivirus powerless to stop attacks

The attacks on UK online bank customers just keep coming. This time security company M86 Security has uncovered evidence that the Zeus Trojan recently broke into the accounts of around 3,000 customers at a major high street bank, stealing over $1 million.

As with a number of recent busts of Zeus (aka Zbot) command & control servers, M86 Security discovered the UK account details on a server in a small East European country, culled using Zeus v3 after targeting customers of a single institution.

Close to £675,000 ($1.064 million) is said to have been taken from account holders at the bank between 5 July and 4 August.

A worrying picture is now emerging of a concerted series of targeted – and obviously successful – attacks on a wide range of banks in the UK and beyond throughout the spring and summer of this year.

Last week, another security company, Trusteer, warned that 100,000 PCs in the UK alone had been found to be infected with versions of the Zeus Trojan, almost none of which appeared to be detectable by a range of antivirus programs.

Only a few weeks before that, Zeus was said to have attacked customers of 15 US banks using the Verified by Visa and MasterCard SecureCode credit card ‘card not present’ verification systems.

The attack has a number of concerning elements beyond the immediate losses, starting with the tardy response of the bank concerned. According to Bradley Anstis, VP of technical strategy at M86 Security, the bank seemed to have no clear procedure for a security company to inform them of what was a serious situation.

“It took us a week to find the right people,” he said.

According to the detailed white paper put out by M86 Security on the attack [PDF], criminals were also able to build the attack with the Phoenix and Eleonore Exploit Kits to target software vulnerabilities in common applications such as Adobe Reader, Internet Explorer, and Java.

Some of the vulnerabilities aimed at by Eleonore go back to 2006, 2007, and 2008, although one is as recent as this year. It looks from this as if patching has at least some influence on how vulnerable a consumer is to Zeus.

Visitors with the vulnerabilities unpatched would have encountered the Trojan through ads embedded on innocent-looking websites, including some apparently based in the UK. In M86’s analysis, few antivirus products could have stopped the obfuscated attacks, which raises the question of how UK consumers can protect themselves, if at all.

The company has its own hosted services to push, of course, but Anstis also recommended the use of sandboxed and virtualised browsers as one option. These isolate the browsing session from external capture, or at least do so at present. Longer term, it is clear that banks will have to introduce extra layers of authentication and fraud control.



Bagel said: Virtualised browsers seem like a good option if you're using them to access a single site such as an online bank. The point is security for this one site, not general convenience.

Ohanae said: Sandboxed carries an added overhead to the operating system, while virtualized browser sacrifices the coolest features, making the browser unattractive. Trying to switch back and forth between these technologies only confuses the user. What makes defense difficult is that the compromise is likely to be at the user's endpoint. Has anyone thought about reinventing the password to enhance the security of Web applications while maintaining compatibility with antivirus suites of your choice?
