The power of ZeuS now being tapped for user data

According to JC Donnelly, a security writer for the Tech FAQ newswire, whilst the original use of ZeuS was to access consumers' bank accounts and siphon money out, it seems that hackers are now interested in collating more than just online banking credentials, as they now seem to be using the trojan to collate data on users.

One of the key pieces of info that hackers seem to want, says Donnelly, is where the user of the infected computer works.

And, the security writer notes, the way that hackers have been gaining access is - as expected - incredibly deceptive, as a fake bank login form will appear and the user will be asked for their employer plus their phone number.

This, he says, allows the hacker to gain the information they need to know whether there might be corporate secrets on the computer.

The Tech FAQ newswire quotes Gary Warner of the University of Alabama as telling the New York Times that hackers in forums are discussing what they can possibly do with this information.

"Your computer may be worth exploring more deeply because it may provide a gateway to the organisation", he told the paper.

So what is happening with ZeuS?

Donnelly claims that, because the trojan is such a powerful piece of malware, it allows the hacker to take total control over the computer.

"Once in, they're able to peruse the files, pay attention to keystrokes and potentially access the corporate systems. This would lead to information that these corporations want hidden to be potentially revealed to the highest bidder. In other words, it's corporate espionage", he explained.

Whilst there are ZeuS gangs being arrested all the time, the newswire says that Zeus is still being sold for criminal use, which means there are new gangs popping up all the time.

Last year, as an example, Donnelly says that the Kneber worm was released by the largest known Zeus operation still in existence.

And this, he adds, is going to become a problem for IT departments, as, when an employee is within the company's network, the IT department is able to keep track of where data is going.

"If they suddenly spot a computer sending information to Russia, they might flag it and shut it down. However, what happens when the person works from home?" he said.

To solve this problem, Donnelly suggests that companies should either not allow their employees to work from home or provide a computer that is only for remote work use.

"So long as users aren't visiting sites that could have the virus attached, they won't get it. However, as Zeus evolves, IT departments looking to combat it will have to evolve as well", he said.
