Nerds On Call: BEWARE OF ZEUS - Trojan Steals Access to Bank Accounts

June 10, 2013 - PRLog -- A nasty Trojan virus nicknamed Zeus has been spreading quickly through social media forums like Facebook and via links to fake webpages.  Once a system is compromised, the virus lays in wait until the user accesses a banking account or credit card website wherein it captures login and personal data.  That information is then transferred to servers controlled by cybercriminals who sell the data or drain the victim’s bank account.

Zeus began circulating the net about six years ago, but has seen resurgence in recent months according to Internet security firm Trend Micro.  The New York Times’s Nicole Perlroth reports that millions of computers are already infected (http://bits.blogs.nytimes.com/2013/06/03/malware-that-drains-your-bank-account-thriving-on-facebook/), most of which are in the United States.  

Much of this malware’s recent rapid disbursement is via links posted on Facebook.  Culprits set up fake profiles and post links on popular fan pages or hack user accounts to spam links to “Friends.”  In many cases, links take the user to a website where they’re prompted to purchase knock-off designer goods.  After entering credit card info to complete the purchase, the victim’s credit card number (along with name and address) is sold or used to place fraudulent charges.  In other cases, the website link takes the user to an infected page that installs malicious code when accessed by the unsuspecting victim.

The virus is also spread from compromised email accounts: the Trojan accesses an infected user’s contact list and then sends emails with links to malware-infected pages.  The sender address is spoofed to appear as though the email was sent by the infected account, so anyone in the infected user’s contact list receives a message that appears to have come from a known source.  If you ever receive a suspicious-looking email with a link or attachment, even if you recognize the sender, do not click the link.  Instead, contact the sender to confirm that the email was truly sent by them.

Once infected, the Trojan virus runs silently in the background, harvesting users’ private data.  In some cases, compromised systems redirect victims to dummy websites made to appear like the user’s bank or credit card account login page so that more valuable personal information (such as social security number, date of birth, address, etc) can be collected.

Many of the fraudulent links used to spread Zeus via Facebook in recent months have ended in .tk (where you’d typically see .com or .org).  This domain indicates that the website is hosted via Tokelau, a small territory part of New Zealand which is, according to Jerome Segura of the anti-malware software company Malwarebytes, “a hotbed for all sorts of online fraud.”  As infected webpages are identified and blocked by browsers and/or antivirus software, cybercriminals simply set up a new web address, so there’s no easy way to eradicate Zeus and its variants from the net.

While Facebook has partnered with web security specialists WebSense and Web Of Trust (WOT) to identify, flag and alert users of potentially fraudulent links, it’s ultimately up to the user to exercise caution when clicking links on Facebook, in emails, or anywhere on the net.  Keep in mind that links to Zeus-infected pages are cropping up all over the Web, from comments on articles or blogs to sponsored ads, so users must remain diligent about avoiding web links from anywhere but a completely trusted source.

In a blog posted to Trend Micro’s “TrendLabs” (http://blog.trendmicro.com/trendlabs-security-intelligenc...), Jay Yaneza recommends that you bookmark trusted websites so that you don’t inadvertently mis-type an address and end up re-directed to an imposter site.  He cautions that users should avoid visiting unknown websites and keep their system’s anti-malware software up to date to reduce the risk of exposure.

Andrea Eldridge is CEO and co-founder of Nerds On Call, an on-site computer and laptop repair service (http://www.callnerds.com/) for consumers and businesses. Andrea is the writer of two weekly columns, Nerd Chick Adventures in The Record Searchlight, and Computer Nerds On Call, a nationally syndicated column for the Scripps-Howard News Service.  She regularly appears on ABC, NBC, FOX, and CBS on shows such as Good Day Sacramento, Good Morning Arizona and MORE Good Day Portland, offering viewers easy tips on technology, Internet lifestyle, and gadgets.  Andrea recently has begun working with Demand Media to produce content for eHow.com and has written a book for them Smartphone101: Integrating your iPhone into a Windows World. Andrea is available for Q & A’s, expert tech quotes and will appear on your show, call today! See Andrea in action at www.callnerds.com/andrea.

About Nerds On Call

Established in a spare room in Redding, Calif., in March 2004, Nerds On Call offers on-site computer and laptop repair services to consumers and businesses. Nerds On Call provides trouble-shooting for PCs and Macs, home and office networks, printers, iPods® and MP3 players, handheld devices and cell phones, home theaters and game systems, and virtually every other form of digital entertainment.  In 2009, 2010, & 2011 the company was named to Inc. magazine’s list of 5000 fastest growing private companies. With 15 locations across California, Oregon, Washington, & Arizona Nerds On Call serves more than 40,000 satisfied customers per year. For more information, visit www.callnerds.com  or call 1-800-919-NERD.