
Next-Generation Banking Malware Emerges After Zeus

Soulskill posted more than 3 years ago | from the survival-of-the-fittest dept.

Security

Batblue writes "The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation. What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert. Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, he said."


Safest Banking (2)

Malnar (1810062) | more than 3 years ago | (#35105038)

Oh no! They're gonna get at the wad of money buried in the back yard! It may only earn the interest of worms, but at least it's not funding Wall Street

Re:Safest Banking (1)

HomelessInLaJolla (1026842) | more than 3 years ago | (#35106592)

The safest banking is to follow the law of God which the bankers should themselves be following. Pick up only enough for today--maybe enough for tomorrow or a few days. If you find yourself picking up enough for next season, next year, years to come, generations to come, then you're already doomed.

Re:Safest Banking (1)

Lord Ender (156273) | more than 3 years ago | (#35106870)

Your savings account money typically funds mortgages and small businesses. "Wall Street" runs on capital largely derived from the sale of stocks, and banks don't buy stock with their depositors' money.

Secular seculert (0)

Anonymous Coward | more than 3 years ago | (#35105092)

Is Seculert prominently secular or something?

Alternative link (4, Informative)

hellkyng (1920978) | more than 3 years ago | (#35105126)

Re:Alternative link (0)

Anonymous Coward | more than 3 years ago | (#35108504)

Thanks man! I like to go to the source of the information too, I generally just use slashdot to point me to the interesting links ;)

Why don't computer users (-1, Troll)

Anonymous Coward | more than 3 years ago | (#35105130)

just not install the software? After having all the fuss of refining Vista, why does Microsoft even allow malware to be installed on Windows 7 in the first place?

Re:Why don't computer users (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35105458)

why does Microsoft even allow malware to be installed on Windows 7 in the first place?

Your stupidity astounds me.

Re:Why don't computer users (-1)

Anonymous Coward | more than 3 years ago | (#35105616)

It's stupid to stop malware from being installed? Please explain, genius. And while you're at it, please explain why OSX and Linux don't see it as "stupid", but Microsoft does.

Re:Why don't computer users (0)

Anonymous Coward | more than 3 years ago | (#35105778)

...and your stupidity seems to keep on going...

Microsoft doesn't allow malware any more than OSX or Linux... Microsoft is just the one that people go for as it is by FAR the most used operating system!

Re:Why don't computer users (-1)

Anonymous Coward | more than 3 years ago | (#35105802)

And by FAR the most infectable operating system!

Re:Why don't computer users (0)

Anonymous Coward | more than 3 years ago | (#35106058)

Please stop talking, your stupidity might be infectious.

Re:Why don't computer users (0)

Anonymous Coward | more than 3 years ago | (#35106034)

RTFA: Zeus / SpyEye are windows malware.

Furthermore, look at the best-of-class spyware tools:
http://www.malwarebytes.org/mbam.php [malwarebytes.org] -- no OSX or Linux versions
http://fileforum.betanews.com/detail/Spybot-Search-Destroy/1043809773/1 [betanews.com] -- no OSX or Linux versions
http://www.lavasoft.com/products/ad_aware_free.php?t=techspecs [lavasoft.com] -- no OSX or Linux versions

Why could that be? Maybe because OSX and Linux don't allow malware to be installed, and the MicroIdiots have their heads up your ass.

Re:Why don't computer users (0)

Anonymous Coward | more than 3 years ago | (#35106570)

"The term rootkit or root kit originally referred to a maliciously-modified set of administrative tools for a Unix-like operating system that granted "root" access."

Re:Why don't computer users (0)

Anonymous Coward | more than 3 years ago | (#35106772)

"The term rootkit or root kit originally referred to a maliciously-modified set of administrative tools for a Unix-like operating system that granted "root" access."

"Originally", as in the past, as in not allowing the installation of rootkits is something that OSX and Linux, i.e.: modern Unix-like operating systems, do right.

I think it's pretty cool (0)

Anonymous Coward | more than 3 years ago | (#35105212)

that you can rob a bank without having to kill or threaten anyone. Damn! I could retire tomorrow... Fuck the banks. I'm interested to see how this all plays out in the long term

the need for US to create/protect blackwater co.s (0)

Anonymous Coward | more than 3 years ago | (#35105214)

best of luck to our (former) 'clients' in cairo

on to more important stuff that really matters (0)

Anonymous Coward | more than 3 years ago | (#35105302)

almost nothing else of value can happen until the scared/hungry/sick babies (all of them) are cared for appropriately. damned pyramids. see you there?

Comment from TFA (3, Interesting)

beschra (1424727) | more than 3 years ago | (#35105336)

Thought this was worth including in /. "Question (and not a rhetorical one): Do you think that if the US Congress issued a Letter of Marque and Reprisal to a licensed and bonded cyber privateer, and tasked that privateer to loot the bad guys, that the bad guys would think twice before plying their trade? In other words, is there a deterrent value?"

Re:Comment from TFA (0)

Anonymous Coward | more than 3 years ago | (#35105478)

If you're any good at looting, maybe. It's like violence: if it's not working, use more. It's possible to seriously curb drug usage if you're brutal enough, like Mao was.

Re:Comment from TFA (1)

deKernel (65640) | more than 3 years ago | (#35105548)

Wow, that is a very interesting question. I would think that it would not be such a good idea to act in such an overt manor. The one issue I see is that some/most of the "command and control" servers are located in other sovereign countries...some of which are even friendly, so attempting to breach such machines could be construed as an attack on a sovereign nation.

Now with that, I believe that it is something that organizations such as the CIA or NSA should be doing this in a covert manor.

Re:Comment from TFA (0)

Anonymous Coward | more than 3 years ago | (#35105772)

I've always wanted a covert manor, "batcave" and a covert few billion dollars.

Due process (0)

Anonymous Coward | more than 3 years ago | (#35106068)

Congress can't do that, because it violates due process. We have to give "the bad guys" a trial. They are presumed innocent, until proven guilty.

Otherwise, the privateers just attack whoever they want, and falsely claim that their victims were "the bad guys" in the letter of marque.

Re:Due process (1)

Hamoohead (994058) | more than 3 years ago | (#35129810)

Congress can't do that, because it violates due process. We have to give "the bad guys" a trial. They are presumed innocent, until proven guilty.

Agreed. Violating due process is best left to the professionals [techdirt.com] .

Rule of Thumb (2)

Katsury (1714110) | more than 3 years ago | (#35105346)

I think it should be expected that there will always be something better, more efficient, and equally if not more spooky than the malware that we know about. The unknown stuff is the malware you should be worried about.

Banking malware - wha ? (1)

doperative (1958782) | more than 3 years ago | (#35105404)

I see, it's either computer malware, Internet malware or now banking malware. How much PR effort must have gone into inserting that particular viral marketing meme into the blogosphere ..

Re:Banking malware - wha ? (2)

maxume (22995) | more than 3 years ago | (#35106316)

It's just English. "Banking malware" is shorthand.

Use a Live DVD? (1)

DaveGod (703167) | more than 3 years ago | (#35105530)

I'm starting to think I should try modifying an Ubuntu live DVD so it's preconfigured to ignore HDD and block out everything but my bank. I'd still have to save files to USB though.

Anyone have experience with Rapport? Is it some lightweight thing you just run when you want to access internet banking or is it some nuisance running all the time?

Use a Live USB (1)

doperative (1958782) | more than 3 years ago | (#35105674)

You can install a full working system to a USB device using the Ubuntu Live USB [wikipedia.org] creator. You can configure it to save your configuration to a separate partition and make it read-only using a physical read-write switch. Your session runs from memory and so is flushed at each reboot. There are various desktop environments available; one of the lightest is Lubuntu [slashdot.org]. Any business out there doing online banking should produce their own customized Live CD and hand them out to their employees; there are various systems out there that can be customized, such as the Knoppix [knoppix.net] distro ..

Re:Use a Live USB (2)

denis-The-menace (471988) | more than 3 years ago | (#35105736)

USB sticks with "physical read-write switch" don't exactly grow on trees.
As far as I know only Kanguru and Imation(aka 3M) make them and Imation's USB Sticks are slow. Kanguru Sticks are hard to come by.

Is there such a thing as an inline USB write protect switch?

Re:Use a Live USB (0)

Anonymous Coward | more than 3 years ago | (#35105786)

Yes, you can get hardware write blockers - they're used in digital forensics.

Re:Use a Live USB (1)

denis-The-menace (471988) | more than 3 years ago | (#35106044)

I looked them up.
$300 and total overkill.
If Kanguru can do it without bulk or a External power supply, isn't there something about the size of a USB stick that can do the same?

Re:Use a Live USB (1)

b0bby (201198) | more than 3 years ago | (#35106356)

USB sticks with "physical read-write switch" don't exactly grow on trees.
As far as I know only Kanguru and Imation(aka 3M) make them and Imation's USB Sticks are slow. Kanguru Sticks are hard to come by.

Is there such a thing as an inline USB write protect switch?

Would an SD card in a reader respect the write protect switch? Both SD cards & USB readers for them are cheap & easily available.

Re:Use a Live USB (1)

orange47 (1519059) | more than 3 years ago | (#35110332)

actually, I remember that many USB sticks had the read-only switch, back then, with sizes like 128 MB.

Re:Use a Live DVD? (0)

Anonymous Coward | more than 3 years ago | (#35105734)

Try "Puppy Linux", I am actually running it at this very moment. It boots from a CD, and all of your settings and installed programs can easily be saved onto a USB memory stick.

By default, it does not mount your hard disk. You can easily mount it if you need it.

Re:Use a Live DVD? (1)

purpledinoz (573045) | more than 3 years ago | (#35105998)

In Germany, this malware would not work at all. Every transaction requires you to input something called an iTAN, which is a one-time-use 6 digit code that the bank sends you by mail. So you get a paper with 100 iTAN numbers, and when you almost use them up, they send you another list. When you switch to the new list, you have to enter an iTAN from the old list. I feel much more secure with this system than what's implemented in the US and Canada.

Re:Use a Live DVD? (1)

orange47 (1519059) | more than 3 years ago | (#35106782)

but the virus could steal that 'itan' code the moment you type it and make another transaction instead..

i think the only good solution so far has been livecd (assuming bios is ok).
or using a separate, locked down, firewalled, etc.. computer only for banking.

Re:Use a Live DVD? (0)

Anonymous Coward | more than 3 years ago | (#35110060)

they are one time passwords.
one transaction and no more, sniff away virus.

Re:Use a Live DVD? (1)

DaveGod (703167) | more than 3 years ago | (#35107526)

The malware defeats your bank's measures by performing a man-in-the-middle attack. When you point your browser at your bank's website the malware steps in and it accesses your bank and sends you a copy of the page. You enter the details of your supplier but the malware substitutes their own account details. You then dutifully go through the security routine, unwittingly authorising the wrong account. iTAN is completely defeated by both phishing and man-in-the-middle, all it is any good for is against key loggers.

My bank uses a card+reader system. Every time you set up a new supplier you have to enter into the website their account number and account holder's name, which the bank checks in real time. You then put your card in your reader (which looks like a little calculator) and enter a code of which half comes from the bank website and half are digits of the payee's account number. Your reader then responds that the bank website is genuine, then generates a code which you enter into the bank website, so the bank knows you are genuine.

Let's be clear, I'm only ever giving them a code that should only work with the payee account details I already knew. How can even man-in-the-middle beat that? Yet apparently it can. The best I can think of is that at the first stage with the reader, the fake website prompts the user with the full code to enter into the reader and deletes the text reminding you that some of it should match your intended account number. Or maybe it's cracked the reader codes, I don't know.
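The two authorisation schemes argued over in the comments above (a one-time code off a paper list versus a reader code that binds to the payee the user actually sees) are easy to model side by side. The following is an added toy model written for this page; it is not code from any bank, from Seculert, or from anyone in the thread. It assumes an HMAC over (nonce, payee, amount) as a stand-in for the real card reader's algorithm, which the page does not specify, and the account numbers and amounts are constructed sample data.

```python
"""Toy model of a man-in-the-browser attack on transaction authorisation.

Constructed example, not from any bank.  Two schemes are compared:
  - list-based one-time codes (the paper iTAN list): valid for *any*
    transaction, so malware that rewrites the payee still gets paid;
  - transaction-bound codes (the card reader): computed over the payee and
    amount the user typed into the reader, so a rewritten payee fails.
The HMAC below is an assumption standing in for the real reader algorithm.
"""
import hashlib
import hmac
import secrets


class Bank:
    def __init__(self):
        # Assumption: one card key shared with the user's reader and one
        # pre-printed list of 100 six-digit iTANs, as described in the thread.
        self.card_key = secrets.token_bytes(32)
        self.itan_list = [f"{secrets.randbelow(10**6):06d}" for _ in range(100)]
        self.unused_itans = set(self.itan_list)
        self.ledger = []      # (payee, amount) pairs the bank executed

    def challenge(self):
        """Fresh nonce shown on the banking page for the reader to sign."""
        return secrets.token_hex(4)

    def expected_code(self, nonce, payee, amount):
        msg = f"{nonce}|{payee}|{amount}".encode()
        return hmac.new(self.card_key, msg, hashlib.sha256).hexdigest()[:8]

    def submit_itan(self, payee, amount, itan):
        """iTAN scheme: the code proves nothing about *which* transaction."""
        if itan not in self.unused_itans:
            return False
        self.unused_itans.remove(itan)      # one-time: burn it
        self.ledger.append((payee, amount))
        return True

    def submit_signed(self, nonce, payee, amount, code):
        """Reader scheme: the bank recomputes the code over the transaction
        it received.  If malware changed the payee, the codes differ."""
        if not hmac.compare_digest(code, self.expected_code(nonce, payee, amount)):
            return False
        self.ledger.append((payee, amount))
        return True


def card_reader(bank, nonce, payee_typed_by_user, amount):
    """The reader only knows what the user keys in: the nonce from the page
    plus digits of the payee the user *intends* to pay."""
    return bank.expected_code(nonce, payee_typed_by_user, amount)


def mitb(form, mule="MULE-9999"):
    """Malware in the browser rewrites the payee after the user fills the form."""
    return {**form, "payee": mule}


def run_itan_scenario():
    bank = Bank()
    intended = {"payee": "SUPPLIER-1234", "amount": 100}
    sent = mitb(intended)                       # user never sees this
    itan = bank.itan_list[0]                    # read off the paper list
    ok = bank.submit_itan(sent["payee"], sent["amount"], itan)
    return ok, bank.ledger                      # paid the mule


def run_signed_scenario():
    bank = Bank()
    intended = {"payee": "SUPPLIER-1234", "amount": 100}
    sent = mitb(intended)
    nonce = bank.challenge()
    # The user types the supplier's digits into the reader, as they should.
    code = card_reader(bank, nonce, intended["payee"], intended["amount"])
    ok = bank.submit_signed(nonce, sent["payee"], sent["amount"], code)
    return ok, bank.ledger                      # rejected, ledger empty


def run_tricked_reader_scenario():
    """The bypass the comment guesses at: the fake page tells the user the
    full string to key into the reader, including the mule's digits, and the
    user does not check them against the payee they meant to pay."""
    bank = Bank()
    intended = {"payee": "SUPPLIER-1234", "amount": 100}
    sent = mitb(intended)
    nonce = bank.challenge()
    code = card_reader(bank, nonce, sent["payee"], sent["amount"])
    ok = bank.submit_signed(nonce, sent["payee"], sent["amount"], code)
    return ok, bank.ledger                      # paid the mule again


if __name__ == "__main__":
    print("iTAN:          ", run_itan_scenario())
    print("reader:        ", run_signed_scenario())
    print("tricked reader:", run_tricked_reader_scenario())
```

The third scenario is the practical caveat: a transaction-bound code is only as good as the user's habit of checking that the digits on the reader prompt are the digits of the account they meant to pay. Readers that display the payee and amount on their own screen, rather than relying on the web page to tell the user what to type, close that gap.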

Re:Use a Live DVD? (1)

purpledinoz (573045) | more than 3 years ago | (#35107684)

Yikes, I never thought of that. That is some scary stuff! The live CD is a good idea, but a linux VM might provide the same security, unless the malware knows how to perform a man-in-the-middle attack through a VM.

Re:Use a Live DVD? (1)

WarmNoodles (899413) | more than 3 years ago | (#35109096)

Man in the middle no no, you mean buffer overflow, like this critical exploit from 2005? http://www.eweek.com/c/a/Security/VMWare-Virtual-Machine-Security-Flaw-Very-Serious/ [eweek.com]

Or the 300 exploits starting on this page ? http://www.securityfocus.com/cgi-bin/index.cgi?o=0&l=30&c=12&op=display_list&vendor=VMWare&version=&title=ESX%20Server&CVE= [securityfocus.com]

VMing doesn't help. Install patches, have intrusion prevention and early detection, have a measurement and hardening practice, have an AV and firewall, don't run as Admin or root, don't let your kids or admins install applications willy-nilly, don't allow servers to browse the internet, don't play games on the same computer as your banking.
But the best single piece of advice is to physically segregate your banking from all other activities and keep all your offline files encrypted by password and key. Think PGP virtual disk or TrueCrypt volume, NOT full-volume BitLocker-type encryption. Worthless crap for online security.

But nothing and no security measure will surpass the "you should have known better, 20/20 hindsight attack."

Using a live CD? Really? How secure is that CD, who made it, who if anyone vetted it? Why do you trust it, maybe it IS the attack, how would you know? Security is more about being informed and making yourself a hard target and measuring your security posture. Primarily by not doing stupid things you know are wrong, you will and can skip being seen by most of the attack surface which is looking for you.

Re:Use a Live DVD? (1)

WarmNoodles (899413) | more than 3 years ago | (#35108960)

Not true at all. All that is is cross-site request forgery protection. Won't help you a single bit if the attacker substitutes himself or herself as a payee and substitutes your remaining balance as the amount.

It also would not help you if the transaction response page was a fake and the attacker collected a week's worth of your iTANs; how often does the average German banking customer call their bank? If the bank delivers electronic statements then you will never see one showing fraud, and if they deliver physical monthly statements, an attacker can collect and use nearly 30 days of iTANs before you have a clue you're screwed.

Have a nice day now knowing you're just as screwable as any other banking customer :)

Re:Use a Live DVD? (0)

Anonymous Coward | more than 3 years ago | (#35107064)

I'm starting to think I should try modifying an Ubuntu live DVD so it's preconfigured to ignore HDD and block out everything but my bank. I'd still have to save files to USB though.

Anyone have experience with Rapport? Is it some lightweight thing you just run when you want to access internet banking or is it some nuisance running all the time?

Rapport runs all the time; however, it hardly uses resources and I'd rather have it than not. I have it running and haven't had any internet banking problems, and I use numerous banks' online banking facilities. That said, I keep the a/v and patching up to date every day as well...

Re:Use a Live DVD? (1)

WarmNoodles (899413) | more than 3 years ago | (#35109098)

Right! just what the world needs, another *nix variant. Slaps forehead.

Re:Use a Live DVD? (1)

tlhIngan (30335) | more than 3 years ago | (#35109562)

I'm starting to think I should try modifying an Ubuntu live DVD so it's preconfigured to ignore HDD and block out everything but my bank. I'd still have to save files to USB though.

Anyone have experience with Rapport? Is it some lightweight thing you just run when you want to access internet banking or is it some nuisance running all the time?

Or, why not just get a netbook, completely erase the hard drive and install your favorite Linux? Lock it down, image it and use it only for banking.

Banking only needs a little CPU power, and netbooks are cheap and disposable so you can use it just for banking only. Shut it down when you're done and that's it. That way your main PC doesn't have to be rebooted continually (it gets old, fast!). You just boot up the netbook, do your banking, then shut it down and put it back on the shelf.

Good thing I use a Credit Union (1)

jafiwam (310805) | more than 3 years ago | (#35105706)

They are immune from fees and all that other banking stuff!

Well, obviously (0)

Anonymous Coward | more than 3 years ago | (#35109762)

“Well, obviously we have malware in Lincoln Park. He's climbing in yo windows, he's snatchin yo money up..'
