ProperBlog

Security for the masses

Skip to: Content | Sidebar | Footer

Zeus Botnet vs UK bank accounts

12 August, 2010 (14:46) | A cat called password. | By: Blogkeep

Security researchers tracked down a Zeus-based botnet that raided more than $1m from 3,000 compromised UK online banking accounts.

Using browser and application based vulnerabilities and drive-by download attacks cyber criminals managed to install version 3 of the Zeus trojan onto compromised machines. There are kits available via the underground that make such installs trivial for all but the most simple minded people.

Version 3 of Zeus uses an encrypted tunnel to communicate with it’s C&C servers.

A white paper by M86 Security can be found here Warning:PDF. Link opens in new window.

Unfortunately such exploits succeed because the vast majority of computer users are not IT literate, they are just consumers, with very little idea of the distinction between computer hardware and software. They see the computer as a whole. A little box pops up advising the user that an upgrade to a component is required. To the average consumer this is not a subtle attempt by a rogue website to install malicious software. It is a request by their computer to perform a required update. So the malicious software is installed by the consumer in the false belief that the update is legitimate.

Only update your machine with files downloaded directly from the software developers site. Regardless of the website you are visiting, if a request pops in your browser advising that an update to a component… be that Adobe, Flash, browser plugins or the OS itself is needed to proceed, ignore it and close the browser. Go directly to the developers site for that component and see if there are any actual updates. I advise the use of Firefox and the NoScript add on. Yes, NoScript will break some websites, but it is simple enough to allow the scripted content once you determine that you can trust the site.

Write a comment