Zeus variant uses card authentication programmes to dupe users

Security company Trusteer is warning of a new variant of the Zeus malware trojan that mimics the Verified by Visa and MasterCard SecureCode enrollment screen to rip sensitive data and passwords from PC users.

  0 Be the first to comment

Zeus variant uses card authentication programmes to dupe users

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The in-session attack dupes online banking customers into surrendering their personal data by claiming new FDIC rules require mandatory sign-up to the card protection programme. The injected enrollment screen prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code.

The information gathered by Zeus is used by fraudsters to commit 'card not present' transactions with retailers that employ VbV and SecureCode protection, says Trusteer.

Zeus has been implicated in a wave of successful online banking assaults on US small businesses and a $6 million commercial account heist on 20 European banks in the summer of 2008. Trusteer reckons that one in every 100 computers may be infected with the trojan, which has been progressively engineered to circumvent common anti-virus programs.

Sponsored [Webinar] Money Mule Defence: Practical Applications and the Role of Technology

Related Company

Keywords

Comments: (0)

[Webinar] Trusted Transactions: The Future of Risk-Based AuthenticationFinextra Promoted[Webinar] Trusted Transactions: The Future of Risk-Based Authentication