Facebook Users Targeted for Spread of Zeus Malware
The most common variants this time around are called "Citadel" or "GameOver," both of which send DNS queries to randomized domain names. When a user clicks on a malicious link, they're redirected to a website that gets busy dropping dirty files onto their PC. These are usually random-named folders dropped into the %Applications Data% folder.
Contained in the foul configuration files are banks and other financial institutions that Zeus monitors in browsers. When a user logs into a bank account on an infected PC, the virus perks up and begins recording login information as it's typed into the browser. That information is then sent to the hackers behind the attack, who can then infiltrate the user's account or sell the details on the black market.
"Peddling stolen banking and other personal information from users is a lucrative business in the underground market. Plus, these crooks can use your login credentials to initiate transactions in your account without your consent," Trend Micro warns. "Thus, it is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security releases from security vendors and install trusted antimalware protection."