Facebook Users Targeted for Spread of Zeus Malware
Be careful what you click on, Facebook users. According to security outfit Trend Micro, variants of the info-stealing Zeus malware are "reemerging with a vengeance" and targeting Facebook users with increased tenacity in recent months. A surge of activity was noted in the beginning of February, but instead of leveling off, it continues to be active.
The most common variants this time around are called "Citadel" or "GameOver," both of which send DNS queries to randomized domain names. When a user clicks on a malicious link, they're redirected to a website that gets busy dropping dirty files onto their PC. These are usually random-named folders dropped into the %Applications Data% folder.
Contained in the foul configuration files are banks and other financial institutions that Zeus monitors in browsers. When a user logs into a bank account on an infected PC, the virus perks up and begins recording login information as it's typed into the browser. That information is then sent to the hackers behind the attack, who can then infiltrate the user's account or sell the details on the black market.
"Peddling stolen banking and other personal information from users is a lucrative business in the underground market. Plus, these crooks can use your login credentials to initiate transactions in your account without your consent," Trend Micro warns. "Thus, it is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security releases from security vendors and install trusted antimalware protection."
Sound advice.
The most common variants this time around are called "Citadel" or "GameOver," both of which send DNS queries to randomized domain names. When a user clicks on a malicious link, they're redirected to a website that gets busy dropping dirty files onto their PC. These are usually random-named folders dropped into the %Applications Data% folder.
Contained in the foul configuration files are banks and other financial institutions that Zeus monitors in browsers. When a user logs into a bank account on an infected PC, the virus perks up and begins recording login information as it's typed into the browser. That information is then sent to the hackers behind the attack, who can then infiltrate the user's account or sell the details on the black market.
"Peddling stolen banking and other personal information from users is a lucrative business in the underground market. Plus, these crooks can use your login credentials to initiate transactions in your account without your consent," Trend Micro warns. "Thus, it is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security releases from security vendors and install trusted antimalware protection."
Sound advice.
