After ZeuS and SpyEye were rumored to have merged, many security professionals were concerned that advanced online banking malware would hit the scene sometime soon. According to Yahoo News, it appears that time may be now.
Both ZeuS and SpyEye are malware programs created to evade security software, intercept communications between your PC and bank, and then report the details back to a central command post. Many people have had their bank accounts drained by these tools, and the newly combined software looks to up the ante in the arms race between security software and malware.
While it sounds like the base functionality of the new tool is similar, a couple of new features have been added. First, the tool is now able to bypass the browser add-on Rapport. Second, the malware allows the attacker to remotely connect to an infected PC using RDP, although it is unclear whether this will work if the port is blocked at the firewall. The tool appears to still be in beta, and fixes are being released on a daily basis.
To make matters worse, detecting the malware with anti-virus software has proven to be extremely difficult for security vendors. Due to this, it's estimated that the botnet contains 3.6 million infected machines in the US alone.
Currently the usage of the new tool appears low, but it is only a matter of time before more criminals purchase the package. While it is not a complete cure for the issue at hand, banks need to start considering more than simple passwords for authenticating users. Technology such as one-time passwords generated on fobs or sent to cell phones via SMS messages could go a long way toward reducing the threat, although responsible browsing is the #1 layer of security.