Assume all PCs are infected with Zeus, EU warns banks

Banks should assume that their customers’ PCs are infected with Zeus, a Trojan commonly used to steal financial data, the European Union’s cyber security agency ENISA has warned.

"Zeus has been an off the shelf virus around since 2007 and the detection rate is low," ENISA said in a statement yesterday. "For a bank, in the current situation it is safer to assume that all of its customers’ PCs are infected, and the banks should therefore take protection measures to deal with this."

"Many online banking systems, some with one-time transaction codes, calculators or smartcard readers, work based on the assumption that the customer’s PC is not infected. Given the current state of PC security, this assumption is dangerous.

"Banks should instead assume that PCs are infected, and still take steps to protect customers from fraudulent transactions."

ENISA made its recommendation in light of a report from security companies McAfee and Guardian Analytics, in which they claim to have identified a campaign of Zeus-based, highly automated cyber criminal activity targeting high value commercial bank accounts and high net-worth individuals.

"Operation High Roller", as the report dubs the campaign, uses variants of Zeus and the SpyEye Trojan to intercept users’s online banking credentials. Once it has access to their account, it transfers money to "mule" bank accounts.

The campaign only targetted accounts with large deposits – on average around $250,000. McAfee and Guardian Analytics estimate that at least €60 million was stolen from bank accounts in Italy, Germany, the Netherlands, Latin America and the US.

ENISA said that "Operation High Roller", which was operated automatically by command and control servers located around the world, demonstrated the need for greater international collaboration on cyber crime. "ENISA works on fostering closer ties and more information exchange between national Computer Emergency Response Teams (CERTs), law enforcements and between EU countries to improve incident response across borders," it said.

Last month, security firm TrustWave revealed that it had discovered a "sophisticated cyber crime operation" targeting online banking users in the UK. A botnet of 30,000 PC infected with the Zeus Trojan were controlled from a server in Moldova, it claimed, and were used to steal over £1 million.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics