Trusteer uncovers Zeus botnet that lifts 100K UK user credentials

According to Trusteer, the botnet swarm appears to be controlling more than 100 000 infected computers, 98% of which are UK Internet users.

The criminals, says the firm's research team, have been harvesting all manner of potentially lucrative and revenue-producing credentials – including online account IDs plus login information to banks, credit and debit card numbers, account types plus balances, bank statements, browser cookies, client side certificates, login information for email accounts and social networks, and even FTP passwords.

Trusteer adds that its research team discovered the large scale of the Zeus botnet after they gained access to the botnet's drop servers and command and control centre, which contained the stolen information including hundreds of thousands of stolen credentials.

The firm says it is now sharing the information with UK law enforcement agencies.

Amit Klein, Trusteer's chief technology officer, said that is just one out of many Zeus 2 botnets operating all over the world.

"What is especially worrying is that this botnet doesn't just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user, that can be used to augment their illegal access to those users' online accounts", he said.

"Coupled with the ability to remotely control users' machines, download data and run any file on them, this means that the fraudsters can insert partial or complete internet pages into a live web session, enabling to inject transactions at will or extract even more data from the hapless victims", he added.

Klein went on to say that the modus operandi with the botnet is to stage targeted and segmented attacks on users, harvesting revenue from one bank's users one day, and, as that bank's security systems ramp up, move on to another regional bank another day.

In short, he explained, this is a fraudster's ultimate paradise, giving them hidden access to the users' online financial and allied activities, as surely as if they were sitting over their shoulder watching every keystroke, move and online action.

Mickey Boodaei, Trusteer's CEO, said that it is important to realise that, despite its size, this is just one of many Zeus botnets operating all over the world.

"Its size and controllable actions are a clear demonstration of the increasing sophistication of cybercriminal gangs and how they can harness the power of drive-by downloads, spam and general phishing trawls to create such a large swarm", he said.

What’s Hot on Infosecurity Magazine?