Zeus Malware Targets U.K. Computers

Aug. 16, 2010

The company that recently said the Zeus botnet was targeting the online banking customers of 15 major U.S.-based financial institutions and using their information to make fraudulent card-not-present (CNP) purchases (CNP Report July 22, 2010) now claims it has found a version of the pernicious malware being used to conduct financial fraud in the U.K.

New York City-based Trusteer said a large version of Zeus, controlled from Eastern Europe, “appears to be controlling more than 100,000 infected computers, 98 percent of which are U.K. Internet users.” The company asserted that criminals have been harvesting online account IDs and login information for banks, credit and debit card numbers, account types and balances, bank statements, browser cookies, client-side certificates, login information for email accounts and social networks, and FTP passwords. Trusteer officials said they discovered the extent of the botnet after they gained access to its drop servers and command-and-control center, which contained the stolen information.

“This is just one out of many Zeus 2 botnets operating all over the world,” says Amit Klein, Trusteer’s chief technology officer. “What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user that can be used to augment their illegal access to those users’ online accounts.”

The company is sharing the information with U.K. law enforcement agencies.