Related Stories

  • Trusteer spots worm-based malware using Zeus-like strategies to infect
    In-browser web security specialist Trusteer is reporting it has discovered a new type of financial malware that uses Zeus-like strategies to propagate and infect users' PCs.
  • Bank dodges legal bullet over Zeus trojan lawsuit
    Ocean Bank is not legally responsible for a cyber heist of $588,000 from a customer’s online account using the Zeus trojan, according to a ruling by a judge in Maine.
  • Zeus source code: from $100K to free in a matter of months
    Reports are coming in that the source code for Zeus, a long-running trojan that has been modified many times since the summer of 2007, is now available on several underground forums.
  • New financial trojan - Sunspot - arrives with Zeus/SpyEye capabilities
    A new financial trojan called Sunspot has been spotted in the wild and, claims Trusteer, its research into the malware suggests it is pitched into the same cybercrime arena as Zeus and SpyEye.
  • SpyEye and Zeus cybercriminals DDoS blast web security services
    It looks like the battle between the cybercriminals behind the recently twinned SpyEye plus Zeus malwares and the IT security industry is being won by the good guys/girls, as the developers behind the two trojan/botnet darkware applications are reportedly very frustrated with the success of ZeusTracker and SpyEyeTracker.
  • Zeus is king of bank fraud trojan viruses
    Just like the Greek god that is its namesake, Zeus is the king of bank fraud trojan viruses, having been used by thousands of criminals to scam perhaps hundreds of millions of dollars from banking customers around the world for years. The recent busts of Zeus fraudsters in the US and the UK are just the tip of a vast underground of fraud and deception, according to information security analysts consulted by Infosecurity.

Top 5 Stories


Zeus gets a little help from DDoS to defraud consumers, banks

02 December 2011

Banks should take a number of steps to counter the latest cybercrime scam that teams distributed denial of service attacks (DDoS) with the Zeus trojan, advised Mike Paquette, chief strategy officer (CSO) at DDoS defense firm Corero Network Security.

The Federal Bureau of Investigation (FBI) recently warned consumers about a multiprong scam that involves the use of spearphishing, the Zeus trojan, DDoS attacks, and a jewelry heist.

The spam campaign pretends to be legitimate e-mails from the National Automated Clearing House Association (NACHA), advising the user there is a problem with the ACH transaction at their bank. Once they click on the link they are infected with a variant of the Zeus trojan known as Gameover, which is able to keylog their information and steal their online banking credentials, the FBI Denver Cyber Squad explained.

“After the accounts are compromised, the perpetrators conduct a DDoS attack on the financial institution. The belief is the DDoS is used to deflect attention from the wire transfers as well to make them unable to reverse the transactions (if found). A portion of the wire transfers (not all) are being transmitted directly to high-end jewelry stores, wherein the money mule comes to the actual store to pick up his $100K in jewels (or whatever dollar amount was wired)”, the FBI explained.

Paquette was a bit perplexed by this explanation by the FBI. He noted that if the DDoS attack was launched before the attempted wire transfer, the bank would not be able to transfer the money. “According to the report, the criminals are able to complete the fraudulent transfers, yet they are allegedly launching DDoS attacks that stop either consumers from reporting it or banks from reversing the transactions”, he said.

The Corero CSO surmised that once the cybercriminals obtain the required information through the keylogging trojan, they complete the fraudulent transaction using the stolen credentials in a compressed time frame. Immediately after doing so, they launch the DDoS attack using a botnet against the bank’s IT infrastructure to stop consumers from filing a complaint and preventing banks from communicating with their financial services partners, Paquette judged.

“My conjecture is that is probably how it works, and the DDoS attack works by overloading portions of the infrastructure, such as switches, routers, and internet links, or it overloads the servers themselves”, he said.

Paquette offered a number of tips to banks to guard against DDoS attacks being used as a smokescreen for illegal money transfers. “Banks need to look at their infrastructure and determine which parts could be negatively impacted” by a DDoS attack, he said.

Banks should make sure that the application delivery servers are up-to-date on patches, that they are running latest versions of operating systems and applications, that they have been provisioned properly with enough capacity to handle a significant load, and that they are adequately protected against DDoS attacks, Paquette advised.

This article is featured in:
Application Security  •  Data Loss  •  Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×