Next-Generation Banking Malware Emerges After Zeus
Batblue writes "The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation. What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert. Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, he said."
Safest Banking (Score:2)
Oh no! They're gonna get at the wad of money buried in the back yard! It may only earn the interest of worms, but at least it's not funding Wall Street.
Re: (Score:1)
The safest banking is to follow the law of God which the bankers should themselves be following. Pick up only enough for today--maybe enough for tomorrow or a few days. If you find yourself picking up enough for next season, next year, years to come, generations to come, then you're already doomed.
Re: (Score:2)
Your savings account money typically funds mortgages and small businesses. "Wall Street" runs on capital largely derived from the sale of stocks, and banks don't buy stock with their depositors' money.
Alternative link (Score:4, Informative)
Krebs' writeup is pretty good as well, not that anyone reads TFA.
http://krebsonsecurity.com/2011/02/revisiting-the-spyeyezeus-merger/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+(Krebs+on+Security) [krebsonsecurity.com]
Re: (Score:2, Insightful)
Why does Microsoft even allow malware to be installed on Windows 7 in the first place?
Your stupidity astounds me.
Comment from TFA (Score:3, Interesting)
Re: (Score:2)
Wow, that is a very interesting question. I would think that it would not be such a good idea to act in such an overt manner. The one issue I see is that some/most of the "command and control" servers are located in other sovereign countries...some of which are even friendly, so attempting to breach such machines could be construed as an attack on a sovereign nation.
Now with that, I believe that it is something that organizations such as the CIA or NSA should be doing in a covert manner.
Re: (Score:1)
Congress can't do that, because it violates due process. We have to give "the bad guys" a trial. They are presumed innocent, until proven guilty.
Agreed. Violating due process is best left to the professionals [techdirt.com].
Rule of Thumb (Score:2)
Banking malware - wha ? (Score:1)
I see, it's either computer malware, Internet malware or now banking malware. How much PR effort must have gone into inserting that particular viral marketing meme into the blogosphere ..
Re: (Score:2)
It's just English. "Banking malware" is shorthand.
Use a Live DVD? (Score:2)
I'm starting to think I should try modifying an Ubuntu live DVD so it's preconfigured to ignore HDD and block out everything but my bank. I'd still have to save files to USB though.
Anyone have experience with Rapport? Is it some lightweight thing you just run when you want to access internet banking or is it some nuisance running all the time?
Use a Live USB (Score:1)
You can install a full working system to a USB device using the Ubuntu Live USB [wikipedia.org] creator. You can configure it to save your configuration to a separate partition and make it read-only using a physical read-write switch. Your session runs from memory and so is flushed at each reboot. There are various desktop environments available; one of the lightest is Lubuntu [slashdot.org]. Any business out there doing online banking should produce their own customized Live CD and hand them out to their employees, there are various syste
Re: (Score:3)
USB sticks with "physical read-write switch" don't exactly grow on trees.
As far as I know only Kanguru and Imation (aka 3M) make them, and Imation's USB sticks are slow. Kanguru sticks are hard to come by.
Is there such a thing as an inline USB write protect switch?
Re: (Score:2)
I looked them up.
$300 and total overkill.
If Kanguru can do it without bulk or an external power supply, isn't there something about the size of a USB stick that can do the same?
Re: (Score:2)
USB sticks with "physical read-write switch" don't exactly grow on trees.
As far as I know only Kanguru and Imation (aka 3M) make them, and Imation's USB sticks are slow. Kanguru sticks are hard to come by.
Is there such a thing as an inline USB write protect switch?
Would an SD card in a reader respect the write protect switch? Both SD cards & USB readers for them are cheap & easily available.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
I think the only good solution so far has been a live CD (assuming the BIOS is OK).
Or using a separate, locked down, firewalled, etc. computer only for banking.
Re: (Score:2)
The malware defeats your bank's measures by performing a man-in-the-middle attack. When you point your browser at your bank's website the malware steps in and it accesses your bank and sends you a copy of the page. You enter the details of your supplier but the malware substitutes their own account details. You then dutifully go through the security routine, unwittingly authorising the wrong account. iTAN is completely defeated by both phishing and man-in-the-middle, all it is any good for is against key lo
Re: (Score:2)
Re: (Score:1)
Man in the middle? No no, you mean buffer overflow, like this critical exploit from 2005? http://www.eweek.com/c/a/Security/VMWare-Virtual-Machine-Security-Flaw-Very-Serious/ [eweek.com]
Or the 300 exploits starting on this page? http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=VMWare&version=&title=ESX%20Server&CVE= [securityfocus.com]
VMing doesn't help; install patches, have intrusion prevention and early detection, have a measurement and hardening practice, have an AV and
Re: (Score:1)
Not true at all. All that is is cross-site request forgery protection. It won't help you a single bit if the attacker substitutes himself or herself as a payee and substitutes your remaining balance as the amount.
It also would not help you if the transaction response page was a fake and the attacker collected a week's worth of your iTANs; how often does the average German banking customer call their bank? If the bank delivers electronic statements then you will never see one showing fraud, and if they deliver physi
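Added example, not from the thread or any of its posters: a small Python model of the two points made above, that an in-browser man-in-the-middle can swap the payee while the user confirms what they believe is their own transfer, and that neither an index-based TAN nor a CSRF token catches it, whereas a TAN bound to the payee and amount fails verification at the bank. The TAN sheet, the shared device secret, the CSRF token, the account identifiers and the 6-digit HMAC-derived TAN construction are all constructed assumptions for illustration, not any bank's real algorithm.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    payee_account: str   # constructed sample identifiers, not real IBANs
    amount_cents: int


# Constructed iTAN sheet (index -> TAN). A real sheet is mailed to the
# customer and the bank asks for "TAN number N"; nothing ties the TAN to
# the transfer it authorises.
ITAN_SHEET = {1: "482913", 2: "105774", 3: "938201"}

# Constructed secret shared between the bank and the customer's TAN device.
DEVICE_SECRET = b"constructed-demo-secret"

# Constructed per-session CSRF token, known to the user's own browser.
SESSION_CSRF_TOKEN = "constructed-csrf-token"


def csrf_ok(submitted: str) -> bool:
    """CSRF protection only checks that the request came from the user's
    own session; malware running inside that session submits the real token."""
    return hmac.compare_digest(submitted, SESSION_CSRF_TOKEN)


def bank_verify_itan(index: int, tan: str, transfer: Transfer) -> bool:
    """iTAN check: the TAN is bound to a sheet position, not to the transfer.
    The transfer argument is deliberately unused; that is the weakness."""
    expected = ITAN_SHEET.get(index)
    return expected is not None and hmac.compare_digest(expected, tan)


def transaction_tan(transfer: Transfer, secret: bytes = DEVICE_SECRET) -> str:
    """Transaction-bound TAN: a 6-digit code derived from payee and amount.
    Assumed construction in the spirit of chipTAN/mTAN-style schemes."""
    msg = f"{transfer.payee_account}|{transfer.amount_cents}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def bank_verify_bound_tan(tan: str, transfer: Transfer) -> bool:
    """The bank recomputes the TAN over the transfer *it received*."""
    return hmac.compare_digest(tan, transaction_tan(transfer))


def substitute_payee(transfer: Transfer) -> Transfer:
    """Models the substitution the thread describes: the page the user sees is
    unchanged, but the request reaching the bank names another account."""
    return Transfer("CONSTRUCTED-MULE-ACCOUNT", transfer.amount_cents)


def simulate(scheme: str) -> bool:
    """Return True if the bank would accept the tampered transfer."""
    intended = Transfer("CONSTRUCTED-SUPPLIER-ACCOUNT", 25_000)
    received = substitute_payee(intended)      # what actually reaches the bank
    if not csrf_ok(SESSION_CSRF_TOKEN):        # passes: it is the user's session
        return False
    if scheme == "itan":
        # User types TAN #2 off the sheet; it is valid for any transfer.
        return bank_verify_itan(2, ITAN_SHEET[2], received)
    if scheme == "bound":
        # The user's device computes the TAN over the details the user
        # confirms (the intended transfer); the bank checks it against the
        # details it received, so the swapped payee breaks verification.
        return bank_verify_bound_tan(transaction_tan(intended), received)
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    print("iTAN accepts tampered transfer:     ", simulate("itan"))   # True
    print("bound TAN accepts tampered transfer:", simulate("bound"))  # False
```

The model simplifies one detail: in real chipTAN-style schemes the device receives the transaction data as the bank saw it and shows it on its own display, so the user would see the substituted payee before confirming. The outcome is the same, a substituted transfer is not authorised, but the point for a defender is that the check must be bound to the data the bank actually received, on a channel the infected browser cannot rewrite.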
Re: (Score:1)
Right! just what the world needs, another *nix variant. Slaps forehead.
Re: (Score:2)
Or, why not just get a netbook, completely erase the hard drive and install your favorite Linux? Lock it down, image it and use it only for banking.
Banking only needs
Good thing I use a Credit Union (Score:2)