


by Senior Editor

Zeus botnet targets holiday shoppers

Dec 13, 2010 | 2 mins
Application Security, Botnets, Cybercrime

Man-in-the-middle attack uses social engineering to get Macy's, Nordstrom account holders to reveal sensitive information

As holiday shoppers take advantage of the convenience of online shopping, a Zeus botnet is targeting credit-card account holders who shop at several major US retailers, including Macy’s and Nordstrom.

Researchers with security firm Trusteer captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud, said Amit Klein of Trusteer in a blog post. The attack is using a Zeus botnet, which is the latest and most sophisticated version of the Zeus malware platform, according to Klein.


CNP fraud takes place in transactions where a credit card is not physically present at the point of sale, as in an internet, mail or phone purchase. In this particular attack, social engineering is used after an infected user logs onto one of the targeted retailers’ card services websites and the botnet causes a man-in-the-middle-style pop-up that says: “In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue.”

In the pop-up window, the user is asked to enter several pieces of sensitive information, such as Social Security number and mother’s maiden name.

“Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective,” Klein said.

A recent report from security firm PhoneFactor found Zeus-like attacks pose the greatest threat to online banking today. The survey asked approximately 70 financial services professionals about the threats currently facing online banking, what banks are doing to protect their customers and perceptions about the role security plays in customer loyalty. More than half, 51 percent, of respondents said real-time attacks from online banking trojans such as Zeus were the most pressing threat they face. Password phishing and pharming were a distant second, with 24 percent of respondents indicating password attacks are the greatest threat to online banking.