Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 24th, 2010

Large European Banks Targeted By ZeuS Trojan

Security researchers from antivirus vendor Trend Micro have identified a variant of the infamous ZeuS computer trojan, which targets large banks located in Italy, Germany, France and the United Kingdom. The command and control server has been tracked down to a server in Serbia previously used in other cyber-criminal activities.

According to Trend Micro, amongst the targeted financial institutions are Banca di Roma (Bank of Rome), a subsidiary of UniCredit Group, which dominates the Central and Eastern European markets; Abbey National, the UK bank recently rebranded to Santander after its parent, Grupo Santander, one of the largest banking groups in the world; HSBC, the world’s leading banking group with a very strong presence in Europe; Crédit Mutuel, a major French retail bank; and the FIDUCIA Group, Germany’s top provider of IT services for credit unions and other financial organizations.

“At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware,” commented Ivan Macalintal, advanced threat researcher with the antivirus vendor.

Computers infected with this ZeuS variant, detected as TROJ_ZBOT.BYP by Trend Micro, contact two domain names hosted on a Serbian server. According to the security company, this server is known to have hosted domain names used in scareware distribution or spam campaigns in the past.

ZeuS, also known as Zbot, is one of the biggest malware threats currently circulating on the Internet. There are hundreds of ZeuS variants in the wild at any given time, because the trojan client is highly customizable and is being generated with a crimeware toolkit sold to cybercrooks on the underground market.

Zbot is capable of stealing login credentials for a wide array of account types, from social networking to webmail and FTP. However, by far the most targeted information is credit card details inputted into Web forms and online banking passwords.

The latest iteration of the crimeware platform can cost as much as $4,000, but it can also be extended through a series of independently developed and sold modules. Such add-ons are available for prices between $500 and $10,000, depending on their functionality.

Credit: News

Share this item with others:

More on CyberInsecure:
  • Botnet Kit And Service Offered To Non-Techies
  • Compromised Through Exploit Toolkit, Visitors Might Get Private Data Stolen
  • Eastern European Banks Under Attack By Next-gen Crime App
  • osCommerce Compromised Sites Distribute ZeuS Spin-off Trojan, Millions Of Pages Infected
  • New Banking Trojan Discovered in the Wild

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Large European Banks Targeted By ZeuS Trojan

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.