At least 100,000 computers in the U.K. are infected with the Zeus malware, an advanced piece of spying software that is regularly defeating most antivirus software suites.
Researchers managed to analyze a server used to collect details from the hacked PCs, which likely became infected by visiting Web sites engineered to attack computers and install Zeus.
What they found was startling. Zeus is designed to monitor computers and collect information, but the operators of this group of infected computers have taken data collection to a higher level.
For these hacked computers, Zeus was recording all traffic sent through a browser, including that transmitted using SSL (Secure Sockets Layer), a method used to encrypt sensitive data between two points.
"Anything the user sees from the browser or anything they type in the browser is being captured by the malware."
All of the data captured by Zeus is sent to a remote database, which the Trusteer researchers were able to access. They found that the command-and-control software for Zeus is capable of doing keyword searches in that database, Boodaei said.
Because Zeus can see any data in the browser, the cybercriminals know exactly when a person last accessed their bank account, and the account balance, without even needing to log into the account.
The Zeus database also holds a lot of other information, such as company e-mail, log-ins for social networking sites and financial credentials, Boodaei said.
Zeus has been so successful due to the high number of variants that have been modified to evade security software.
"The reason is that Zeus is so sophisticated it keeps changing its behavior,"