Zeus banking Trojan is hitting Firefox

Not just Microsoft
Wed Apr 21 2010, 14:34

REPORTS HAVE SURFACED that Internet Explorer users are not the only targets of the Zeus banking Trojan - Firefox users are now also under threat.

Security vendor Trusteer said that Zeus 1.6 was in the wild, while a beta of version 2 was being tested with certain criminal groups that had access to the earlier versions. The main difference between these and the prior versions is that they target the Firefox browser as well. Trusteer said the Trojan is being found on one of every 3,000 computers it monitors.

Zeus, which has been around since late 2005, has been used by criminal organisations to commit targeted attacks against bank customers. It does this by keystroke logging and spreads through drive-by downloads or phishing attacks.

Older Zeus versions have usually been sold on the black market bundled with services. The Zeus botnet with an admin panel, web injection scripts and an exploit system could be bought for around $400. In the six months to March, security vendor Trend Micro blocked nine million attempted Zeus-related attacks.

Previously the Trojan couldn't attack Firefox, but Trusteer said that version 1.6 supports 'HTML injection' and 'transaction tampering', which bypass strong authentication and signing protocols.

Trend Micro security expert Rik Ferguson told The INQUIRER that, apart from the new ability to target Firefox, the fact that this is a new version is almost irrelevant when it comes to detecting the Trojan with security software.

He said, "One of the things that happens with Zeus, which happens with all malware these days, is that it gets packed and re-packed and continually re-packed in order to avoid traditional signature-based anti-malware solutions."

There is also a new Jabber chat module in Zeus 1.6 that can relay banking credentials back to criminals in real time, which is an attempt to overcome two-factor authentication. µ

Comments
Relationship

Haha, 'related articles' underneath this article links "Wacom Bamboo Pen & Touch" (the review), as related.
I wonder how Wacom feels about that one; is it really better to be mentioned negatively than not at all? Mythbusters should get into the depths of that myth.

posted by : W.-, 22 April 2010
Why don't

Why don't governments or banks send hit men after these thieves?
I mean if you can buy things from them, they receive your info, then there is a way to track them.
I say burn them alive and post it on liveleak.

posted by : Mahhn, 21 April 2010
This is bogus

First off, there is no 1.6. It was a beta 1.4 that is going to be released as 2.0. Also, Zeus has been stealing information out of Firefox for a long time. With version 1.3 the webinjects file will now work with Firefox and it costs extra.

posted by : Kevin Stevens, 21 April 2010
Security, what security?

Six months ago FireBadger couldn't even spell 'insecure bloated browser'.

Now they are one.

posted by : Flightcrank, 21 April 2010