Jump to content


ZeuS trojan attacks bank's 2-factor authentication

  • Please log in to reply
2 replies to this topic

#1 Terryala


    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 22 February 2011 - 06:01 PM

ZeuS trojan attacks bank's 2-factor authentication

Malware for your mobile

By Dan Goodin in San Francisco ?

Posted in Security, 22nd February 2011 06:02 GMT

A variant of the ZeuS banking trojan is targeting mobile phone users who rely on their handsets to get enhanced, two-factor authentication from ING Bank Slaski in Poland, a security blogger said on Monday.

The ZeuS man-in-the-mobile attacks appear to similar to those that hit Spain in September, researchers from antivirus provider F-Secure said. Both attacks attempt to steal so-called mTANs, short for mobile transaction authentication numbers, which an increasing number of European banks are using to provide enhanced authentication to online customers. Financial institutions send the one-time passwords in text messages. The secondary passcodes are needed to login to online accounts.

The ZeuS Mitmo injects a fraudulent field into webpages that prompts users for their cellphone number and the type of handset they use. The criminals behind the operation then send the user an SMS message containing a link to malware that's customized to their Symbian or Blackberry phone. The malware automatically sends all mTANs sent to the handset to the ZeuS operators.

Security blogger Piotr Konieczny, who wrote about the attacks here, said the malware doesn't target iPhones. There was no mention of Android-based phones.

The attacks are a potent reminder of the cat-and-mouse game that's regularly played between criminal enterprises and the financial institutions they prey on. ING tuned to mTANs as a means to combat keyloggers ZeuS and other trojans use to compromise their customers' accounts. ZeuS is now attempting to strike back with a mobile version of the malware.

Google recently introduced one-time passwords that are similar to mTANs except they are used to provide two-factor authentication for Gmail account holders. ?


#2 Terryala


    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 22 February 2011 - 06:13 PM

Mobile Zeus Variants Target Windows Mobile, Symbian Phones

by Dennis Fisher

There are two new versions of the Zeus malware making the rounds right now, both of which target popular mobile phone platforms. One of the variants targets Windows Mobile devices, while the other is going after the Symbian platform, and both are intent on silently stealing data from infected devices.

The new mobile Zeus variants surfaced within the last couple of days and are similar to an older mobile version of the venerable malware. The first Zeus mobile variant appeared in September of last year and aimed to trick users into downloading the malware through a warning about the need for a "certificate update."

Once installed on a mobile device, the older version would get a message asking them to enter their phone number and phone model so they could get their specific update. The malware would then install a component that then intercepts SMS messages on the infected device and sends them to a remote mobile number.

"The new version of the Symbian ZeuS trojan (detected as Trojan-Spy.SymbOS.Zbot.b) is similar to the previous one: same commands and same functionality. The Windows Mobile version of the ZeuS trojan (detected as Trojan-Spy.WinCE.Zbot.a) has the same functionality and even the same commands. For example, both versions will report to the same C&C cell phone number (British) after a successful infection," Denis Maslennikov, a malware researcher at Kaspersky Lab, wrote in an analysis of the new Zeus variants.

Smartphones are now near the top of the list for attackers looking for the path of least resistance to gathering sensitive user or corporate data. Mobile malware has not really emerged as the major threat that has been predicted since roughly 1999, but malicious smartphone apps and other threats have surfaced to take up the slack.

"The first ZeuS in the Mobile attack showed us that cybercriminals continue to extend their activities into new platforms and target new areas (mTANs in this case). The second Zeus in the Mobile attack proved that cybercriminals are still very far away from stopping their activities. The newly targeted platform only confirms this fact."


#3 Terryala


    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 22 February 2011 - 06:16 PM

ZeuS crimeware variant targets Symbian and BlackBerry users

By Dancho Danchev | February 22, 2011, 5:36am PS

A ZeuS crimeware variant known as ZeuS Mitmo, has began targeting the two-factor authentication solution offered by the Polish ING bank.

UPDATE: Devices running Windows Mobile are also targeted.

The variant, currently targeting Symbian and BlackBerry users works as follows. Upon successful infection, the crimeware injects a legitimately looking field into the web page. The aim is to trick end users into giving out their mTANs, which stands for mobile transaction authentication numbers. Now that the gang has obtained access to their cell phone number, including the type of the device, a SMS is sent back to the victim with a link to a mobile application targeting either Symbian or BlackBerry devices.

See also:
Modern banker malware undermines two-factor authentication
Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime

According to the security researcher Piotr Konieczny, the reason why Apple?s iPhone was excluded is due to the fact that Apple has more control over the Apple Store, compared to Symbian or RIM (Research in Motion).

These relatively sophisticated attempts on behalf of cybercriminals, wouldn?t be possible to execute if the user didn?t get infected in the first place.

As always, users are advised to use least privilege accounts, browse the web in isolated environment, and ensure their hosts are free of outdated 3rd party software, browser plugins or OS-specific flaws.