The Inquirer-Home

Action Fraud warns of a Zeus malware strain that puts Facebook and Gmail users at risk

Malware acts as a login screen to ask for users' credit card information
Wed Jul 04 2012, 15:20

A STRAIN of Zeus Malware that puts Facebook and Gmail users at risk of cyber crime has been brought to attention by Action Fraud, the National fraud reporting centre for information regarding financially motivated internet crime.

Action Fraud's warning highlights a report by security firm Threatmetrix, which said the latest Zeus Trrjan variant catches victims off-guard by posing as typical login pages for Facebook and Gmail. It then asks users to input card details with a persuasive scam message.

After the victim logs in, it waits to attack after a website's login page appears to be functioning normally. It's then that the Zeus Trojan attempts to steal the confidential information.

A security researcher at Kaspersky Labs, Marta Janus, told The INQUIRER, "This variant of Zeus spreads via P2P networks and uses the technique called 'Man in The Browser' to dynamically inject malicious code into the specific websites while they are displayed in the user's browser."

"Once the user successfully logs into their account on one of these portals, instead of original content, they will see a web page manipulated by malware that is running on their computer. The purpose of this Trojan is still the same though - obtaining users' credit/debit card details."

The common scam messages users should look out for include "Transferring Facebook Credits to your bank account is now available!", "Earn up to 20 per cent cash back purchasing Facebook Credits with your MasterCard or Visa debit card" and "Link your debit card right now with your Google Mail account to pay simply and securely at more than 3,000 stores online".

Action Fraud warned regular social network users to check whether the browser address changes from 'https' to 'http' to indicate you have lost a secure connection. "Also look for a padlock or an unbroken key symbol on your web browser," the Action Fraud web page advised.

On Tuesday, software house Microsoft released the identities of two men it believes to be the ringleaders of the Zeus botnet, and said it passed their names on to the US Federal Bureau of Investigation (FBI). µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015