Despite the charges laid, data from ZeuS Tracker shows that the Zeus trojan is still "at large" with 94 active domains, and 106 Zeus configs online as of Wednesday.
(WEB HOST INDUSTRY REVIEW) — Federal and state authorities charged 37 individuals involved in an international cyber-crime ring that, according to evidence unveiled in a Manhattan federal courtroom, used the Zeus trojan to gain personal information, and to steal more than $3 million from US bank accounts.
According to CNN and other news outlets reporting on a Thursday afternoon news conference in New York City, the US Attorney’s Office charged 37 individuals, who were mostly from Russia, Ukraine, Kazakhstan and Belarus, for allegedly using the Zeus trojan to hack the bank accounts of many US businesses and municipal entities.
Manhattan district attorney Cyrus Vance, separately, charged 36 individuals for allegedly stealing $860,000 from 34 separate corporate and individual entities, including JPMorgan Chase, according to the CNN report.
“This advanced cyber-crime ring is a disturbing example of organized crime in the 21st Century – high tech and widespread,” Vance said in a statement reported by CNN.
Zeus malware is typically sent as a benign-looking email, which quickly embeds itself in the victims’ computers, and is used to record keystrokes, which may include account numbers, passwords, and other personal data.
While the accused stand trial, the Zeus trojan remains at large. Further, it has recently been found by Kyle Yang, a researcher at security firm Fortinet (www.fortinet.com), that the Zeus botnet has a new mobile malware component, which is likely aimed at intercepting confirmation text messages sent by banks to their customers.
FBI Cyber Division Deputy assistant director Steven Chabinsky said at the GovSec/FOSE Conference in March that cyber criminals have made their illegal activities an increasingly profitable business on a scale never seen before. “[W]ith more money to invest in their crimes, cyber criminals can afford sophisticated attacks with more operational security, which leads to higher profits with less chance of getting caught,” he said. “Cyber criminals have developed a business cycle—they invest money, get back even more money, learn their lessons, tweak their schemes, and then reinvest their profits into bigger and more profitable crime.”
He even used the Zeus crimeware kit as an example: “Recently, the writers of Zeus added an anti-piracy component that aims to prevent fellow criminals from hacking the malware’s code to replicate it for free. The software generates a hardware ID based on the criminals customer’s PC hardware and operating system’s version number that is then forwarded to the seller of the program, who in turn gives the product activation code necessary to begin using the toolkit. Even a small modification in PC hardware would prevent the malware from running, so it can only be run from the customer’s computer. The basic configuration of Zeus sells for between $3,000 to $4,000 in the underground market, with more advanced versions selling for as much as $10,000.”
ZeuS Tracker (www.zeustracker.abuse.ch), a site that tracks Zeus command and control servers around the world, reports that there are 94 active domains, and 106 Zeus configs online as of Wednesday.
No related posts.
