FBI Warns of a Spear-Phishing Campaign by Zeus Trojan
Printer Print Email Email
Bangalore: The Federal Bureau of Investigation has issued a warning of a malware that steals your money by tricking you to click on a link in email. After you click, a Trojan creeps into your system and then wields a Distributed Denial of Service (DDoS) attack on the bank to mask the entire operation; and hence preventing the banks from reversing the fraudulent transaction, even if detected immediately. The FBI Denver Cyber Squad said that the whole operation is carried out by masquerading as e-mails coming from National Automated Clearing House Association (NACHA). Then the Zeus Trojan gets downloaded into the target system. The email informs you that your previous transaction wasn't completed successfully due to some technical glitches. While re-entering the account details, the malware does key logging to record them. The Trojan named "Gameover" is capable of breaking into many two field authentication systems employed by financial institutions. Although flooding or brute force or flooding DDoS attacks being easy to block, it isn't simple to identify and block the attack traffic of such malwares, which requires cutting-edge real-time analysis and high performance systems to be employed by the financial systems. There is a greater need for a mechanism similar to automated credit card fraud detection technologies to be employed as defense mechanisms by banks and financial institutions. A new breed of attackers who target high end businesses and customers are carrying out intelligent and consistent attacks, and hence a mechanism must be built to respond effectively to such DDoS attacks. According to the warning issued, one of the key entity involved in the modus operandi are the money mules, who are used to pick up the dubious purchases at the jewelry stores, gadgets and other valuables. The others include personal and business bank accounts and financial institutions.

siliconindia