Thales Blog

How To Stop Zeus In His Tracks

September 1, 2010

Further to a posting on the topic in May, the infamous Greek-god-turned-cyber-trojan, Zeus, has been at work once again with news that cyber-crooks have used it to steal around £675,000 from customers of a major UK bank.

Zeus works primarily through phishing emails or so-called ‘drive-by downloads’: downloads which happen unbeknown to the user while visiting a website, viewing an email message or clicking on a deceptive pop-up window. Once this happens, the Trojan sits on your computer and waits for you to log in to whichever online banking provider you use. When you do, the Trojan kicks in, replaces the genuine online banking site with a very good replica and tells you that the bank is updating its systems and needs you to update your details. Cue the handover from unassuming consumer to professional fraudster of all sorts of personal details, from account number and PIN to date of birth and address.

It doesn’t stop there either, as the Trojan may then also ask for your Verified by Visa or MasterCard SecureCode password, meaning that the fraudsters controlling the Trojan have all the information they could possibly need to access your account or make a card-not-present (CNP) purchase.

While 3-D Secure mechanisms such as Verified by Visa and MasterCard SecureCode have been a positive step in helping stem the rising tide of CNP fraud, these attacks can still happen as long as there are online retail sites that don’t require them, or as long as the systems only require a password. The use of existing CAP card readers as two-factor authentication for online shopping could play a part in counteracting this problem and could be an effective step towards keeping Zeus at bay.