Zeus adds investment fraud to its extensible range of activity

According to Amit Klein, chief technology officer with in-browser security specialist Trusteer, his research team have identified a new configuration of Zeus that inserts credible-looking banner ads on major websites to "offer" high-rate-of-return investment opportunities.

The attack, he says, is targeting some of the world's leading and most trusted websites, including: AOL, Amazon, Apple, CNN, Citibank, Forbes and ESPN. Adding investment fraud to its bag of tricks, he notes, is a new twist for Zeus.

"In one case, the Zeus mechanism embeds banners on the targeted websites which redirect to https://ursinvestment.com. We were surprised to see how well integrated the banner designs were with the attacked websites", he says in his latest security blog.

Klein goes on to say that, as part of a highly sophisticated attack against Forbes.com, the cybercriminals inject a very compelling overview of the fictitious URS Investment Fund, offering wealthy individuals an extremely high rate of return.

In a similar attack against the Yahoo Finance pages, the Trusteer CTO says that the fraudsters are claiming that URS has established a partnership with the portal.

After researching https://ursinvestment.com, Klein and his team have observed that, after registration, users are prompted to upload funds through a bank wire transfer or using Western Union.

The interest rates promised are 7%, 11.3%, 16% and even 32%, he claims.

"We also checked WHOIS for information on ursinvestment.com and found that records only start on 03/11/2011. However, according to the website, the URS company has existed since 1995 and is based in the US. We did not find any company behind this website", he said.

The new Zeus attack, he added, is noteworthy for the level of sophistication and depth and breadth of content that the criminals have developed to make the scam appear legitimate and believable.

"Unlike many Zeus attacks, this is less about the attack code and all about selling the fraud scheme. With attack code already developed to the point where it can convincingly mimic real websites and trusted brands, it appears criminal groups are bulking up investments in marketing communications to make their scams harder to differentiate from legitimate business offers presented to web users", he said.

"Without the ability for average web users to 'spot' fraudulent offers, e-commerce may be threatened. As a result, technology that secures web sessions and transactions must fill the void", he added.
