ZuesBot Makes its rounds through Credit UnionsA flurry of zuesbot attacks have been occurring at credit unions throughout the country. All credit unions should provide a warning and information to their members.
Zuesbot is a particularly nasty malware that is bypassing top AntiVirus / Malware scanners.
Once infected it waits for the user to login to their online banking, logs the credentials, then pops up a screen that asks the user to further verify their login by entering their credit card data. All information gathered is sent back the the attackers
While some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised.
So, if you have members reporting this, the only recourse is to shut down their machine, change the online banking account passwords, look for changes to the account, wipe and reload the user's machine.
After receiving notification, CUISPA issued an alert to its registered members and identified dozens of cases throughout the country.
This is a variant of the same attack that is making news in the ACH world.
Corporations unsuspectingly download the Zuesbot malware, which waits for access to the company's online banking site. At which time the attacker takes over to leverage the ACH capabilities of the company.
Shall we all reconsider stronger one time use / out of band authentication?
View Full CUISPA REPORT by logging onto ALERTS.CUISPA.ORG view the Alerts Forums
CUs Warned about Security-Skirting Malware
Malware that bypasses most anti-virus protections and steals online banking credentials has been reported at “dozens of credit unions,” warns the Credit Union Information Security Professionals Association.Known as Zeus or Zbot, the online banking Trojan is particularly dangerous because it’s hard to detect and presents the phishing page after a user logs in, said Kelly Dowell, executive director of the CUISPA in Austin, Texas.“This is a particularly nasty malware that is bypassing top anti-virus and malware scanners and compromising member accounts. Cases have been identified by dozens of credit unions that we know of. One can assume it is far more widespread than we’ve currently seen,” Dowell said.Dowell said a full report on the Zeus/Zbot situation is available at www.cuispa.org, where credit unions also can sign up for alerts.
