New Zeus Trojan Targets Facebook And Email
By: Zach Walton - May 17, 2012
Viruses are pretty funny. You turn your back one moment and the next, they’re stealing your credit card out of your digital wallet. OK, that’s not really funny, but it would be if the virus was wearing a top hat and monocle.
Disregarding parodies of Victorian England fashion, it gets pretty serious when a new one is found in the wild. Trusteer has found a new P2P variant of the Zeus trojan going after the easily tricked on Facebook with fake offers for free money.
The current attack via Facebook has the malware present the user with a legitimate-looking page for entering their credit/debit card details in return for 20 percent cash back on all Facebook points they buy. It looks like the malware only accepts Visa and Mastercard, though, so I guess even botnet operators can be picky when it comes to credit card issuers.
The new Zeus trojan isn’t just going after Facebook either. The malware is going back to an old standby – email. There’s a new scam floating around going after Gmail, Hotmail and Yahoo Mail users that plays on a person’s desire for more security.
The scam offers to sign them up for a 3D Secure service that’s offered by Visa and Mastercard just by entering their credit card information into a form. Trusteer points out that you can only sign up for 3D Secure at the bank that issued your card. That information was probably in the fine print though and the tellers never actually tell you anything, so you can’t blame people for not knowing.
This scam is a little more advanced than just a simple email trick though. It plays upon more trusted brands like Google and Yahoo by telling users that they can link their 3D Secure account up with their Google or Yahoo Checkout account to prevent fraud. If you’ve been keeping up, Google Checkout is now called Google Wallet so that should be your first red flag. Also, I’m pretty sure banks aren’t too keen on partnering with Google and Yahoo to offer services through them.
As Trusteer points out, these latest scams look pretty legit and come from well-respected brands. We also can’t forget the fact that people are usually really gullible on the Internet. If they can fall for a simple photoshop that is obviously fake, their chances of falling for a legitimate-looking scam are pretty high.
Like with all malware threats, be observant. Look at the URL of the page and all the text. Even if these scams look legitimate, there are always some obvious signs that they are fake. Use common sense when dealing with something that looks too good to be true, because it often is.