Zeus Banking Trojan Turns Its Attention To Japan

By Robert Westervelt
February 12, 2013    10:01 AM ET

The notorious Zeus banking Trojan has been detected in a wave of attacks targeting new online banking customers in a campaign being driven by the Black Hole automated attack toolkit.

The malware, which has caused serious problems for banking customers in Europe and the U.S., has been detected in Japan, according to the National Police Agency. Until now, Japanese banking customers have been relatively immune to Zeus, according to Symantec, which analyzed the latest attacks and reported on them in a recent blog post.

Symantec said that Japan may have posed a serious challenge for the malware writers, keeping the Trojan out of that country for so long. Zeus was first detected in 2009 and attacks began to increase in 2010. The latest Zeus variant is targeting five major banks in Japan, according to Symantec. The attacks appear to be similar to earlier variants.

"Once infected, Zeus monitors the Web browser visiting the targeted banks and injects HTML code that displays a message in Japanese," Symantec said in its report.

Translated into English, the message prompts users to update their personal information, including account passwords and other data needed to access the bank account. "The log-in credentials are recorded using Zeus' built-in key logging functionality," Symantec said.

Attacks using variants of the Zeus Trojan are still targeting customers in the U.S. and Europe. In June, a McAfee report outlined Operation High Roller, which used customized versions of Zeus and SpyEye.

The attacks inject code into the browser to masquerade as the victim's bank. Banking customers with a high balance and businesses conducting high-value transactions appear to be the biggest targets, security researchers say.

Microsoft tangled with a Zeus botnet owner last year, using a court order to seize servers in the U.S. that controlled about 13 million computers infected with Zeus, including 3 million PCs in the U.S. During the seizure, Microsoft kept the botnet running to gather evidence on the cybercriminals behind the attacks.

The Microsoft Zeus botnet disruption was one of several it conducted against botnet operators. It disrupted the Kelihos botnet as well as Rustock in 2011 and Waledac in 2010.
