Zeus botnet targets holiday shoppers
Man-in-the-middle attack uses social engineering to get Macy's, Nordstrom account holders to reveal sensitive information
By Joan Goodchild, Senior Editor
December 13, 2010 — CSO —
As holiday shoppers take advantage of the convenience of online shopping, a Zeus botnet is targeting credit-card account holders who shop at several major US retailers, including Macy's and Nordstrom.
Researchers with security firm Trusteer captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud, said Amit Klein of Trusteer in a blog post. The attack is using a Zeus 126.96.36.199 botnet, which is the latest and most sophisticated version of the Zeus malware platform, according to Klein.
CNP fraud takes place in transactions where a credit card is not physically present at the point of sale, as in an internet, mail or phone purchase. In this particular attack, social engineering is used after an infected user logs on to one of the targeted retailers' card services websites, at which point the botnet triggers a man-in-the-middle-style pop-up that says: "In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue."
In the pop-up window, the user is asked to enter several pieces of sensitive information, such as Social Security number and mother's maiden name.
"Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective," Klein said.
A recent report from security firm PhoneFactor found Zeus-like attacks pose the greatest threat to online banking today. The survey asked approximately 70 financial services professionals about the threats currently facing online banking, what banks are doing to protect their customers and perceptions about the role security plays in customer loyalty. More than half of respondents, 51 percent, said real-time attacks from online banking trojans such as Zeus were the most pressing threat they face. Password phishing and pharming were a distant second, with 24 percent of respondents indicating password attacks are the greatest threat to online banking.