Malware Based On Zeus And SpyEye Targets Business and High-End Bank Accounts


Guardian Analytics and McAfee have released a report on a new breed of sophisticated, global fraud attacks that leverage cloud-based servers, extensive automation and sophisticated knowledge of how the banking industry works. The attacks, which have been underway for approximately one year, target business-to-business transactions, as well as high-balance banking consumers.

“This is a system designed by people who understand banking platforms, banking software, and understand how transactions really work,” said David Marcus, Director of Advanced Research and Threat Intelligence at McAfee. “They know how to make transactions look non-fraudulent. Clearly, these people have an insider's level of understanding.”

McAfee and other security firms have already targeted the malware, which should be easily blocked or identified by a scan, he said. But there are also actions the channel can take to better protect its customers.


“I think there's a tremendous opportunity for the channel to do hot health checks,” Marcus said. “A lot of people will go out and buy technologies and services, but they won't spend enough time during the health checks and configurations that the channel partners are very good at. So I think there's an opportunity to do that kind of custom work to make sure that they are adequately covered. They can configure the technologies specific to the environment.”

Through their effort, known as Operation High Roller, the two companies identified customized versions of SpyEye, Zeus and Ice 9 within the malware. The threat can execute sophisticated web injections on the infected host, adding new data, screenshots and other fraudulent content that looks like it is coming from the bank itself. Authentication, in this case, does not provide any protection because the user is duped into authenticating properly, whether via usernames, passwords or even two-factor authentication components.
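The web injections described above run inside the victim's browser, so the extra fields or prompts they add are submitted back to the bank alongside the legitimate form data. One server-side control that makes that visible is to compare the fields actually posted against the fields the bank's own page renders. The following is an added illustration, not code from the report or from either company; the endpoint paths, the expected field sets and the sample requests are all constructed for the example.

```python
# Added example (hypothetical bank endpoints and constructed sample traffic):
# flag POST requests that carry form fields the bank's own page never renders.
# A man-in-the-browser web inject that asks the user for extra "verification"
# values sends those values to the server too, which is where this check looks.

# Hypothetical schema: the only fields each form on the bank's site contains.
EXPECTED_FIELDS = {
    "/login": {"username", "password", "otp"},
    "/transfer": {"from_account", "to_account", "amount", "otp"},
}


def unexpected_fields(path, posted):
    """Return the posted field names that the bank's form for `path` does not render."""
    expected = EXPECTED_FIELDS.get(path)
    if expected is None:
        # Unknown endpoint: nothing to compare against here (handled elsewhere).
        return set()
    return set(posted) - expected


def flag_requests(requests):
    """Return (request_id, path, extra_fields) for every request with injected fields.

    `requests` is an iterable of (request_id, path, posted_form_dict)."""
    flagged = []
    for request_id, path, posted in requests:
        extra = unexpected_fields(path, posted)
        if extra:
            flagged.append((request_id, path, sorted(extra)))
    return flagged


# Constructed sample traffic (not real user data). r1 is a normal login;
# r2 and r3 carry fields a web inject would add to harvest extra credentials.
SAMPLE_REQUESTS = [
    ("r1", "/login", {"username": "alice", "password": "x", "otp": "123456"}),
    ("r2", "/login", {"username": "bob", "password": "x", "otp": "654321",
                      "atm_pin": "0000", "mothers_maiden_name": "y"}),
    ("r3", "/transfer", {"from_account": "1", "to_account": "2",
                         "amount": "950.00", "otp": "111111", "card_cvv": "000"}),
]

if __name__ == "__main__":
    for request_id, path, extra in flag_requests(SAMPLE_REQUESTS):
        print(f"{request_id} {path}: unexpected fields {extra}")
```

Because the injected prompt looks like part of the bank's page, the user cannot tell it apart; the server can, since it knows which fields it asked for. A hit is a strong signal that the session is coming from an infected host and is worth holding the transaction for review rather than relying on the one-time code that was entered.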
