Forget credit cards: hackers want your Facebook account
According to Greek mythology, Zeus was the father of gods and men, but over the past six years, the botnet, trojan and crime kit of the same name has become better known within the IT security world as the father of most malware.
Since it burst onto the scene in July 2007, Zeus – or rather variations of the trojan created using the Zeus crime kit – has infected millions of computers. To date, more than 50,000 variations have been identified, which is a lot by any measure.
All these variants exist to do the same thing – steal your banking information. Zeus is clever enough to lie dormant after an infection and wait for the victim to visit an online-banking site, at which point it will leap into action, employing a host of techniques including keyloggers, screengrabbers, form-grabbers and even fake man-in-the-middle banking interfaces to steal your login credentials and access your financial accounts.
Given that it’s six years old and has such a high profile, you may think Zeus is on borrowed time. After all, every security vendor out there knows what to look for, even allowing for its mad variation count (they’re all iterations of the same theme, so share similar fingerprints), and how to deny it access.
The trouble is, plenty of people consider themselves too savvy to get caught by malware – since they never click dodgy links or visit dodgy sites – or never consider security at all. This is why cybercriminals are still intent on using the proven-to-be-profitable Zeus, and are turning the social engineering crank in order to distribute it as widely as possible.
Bogus Facebook pages have been high on the distribution hit list for much of the year, employing the usual tactic of a subject matter (sports, current global news stories, celebs, sex) that will encourage the unwary to click a link purporting to provide more information or load a video, but which actually launches the Zeus executable.
However, it seems Zeus is changing tactics, shifting its focus away from the theft of banking credentials. The latest variants to come to my attention appear to target social media networks for “likes” and followers.
This should come as no great surprise, if you remember that profit is the motive for distributing malware. Over the years, I’ve taken a professional interest in the value of stolen credit cards; by monitoring various underground “dark market” sites, I’ve watched that value fall and fall.
In fact, “crash” would be a better word: even allowing for an anomaly that makes European credit cards five times as valuable as US ones, prices are at rock bottom. A verified, virgin card – that is, one whose owner doesn’t know the details have been compromised – issued by a UK bank can cost as little as £5; buy in bulk, taking 50 stolen card account details, and the price will fall to £1 per card. In the US, such bulk deals bring the price down to a few pennies for each card.
Sure, active bank account details – with “guaranteed” balances to pilfer – and stolen PayPal accounts command far higher prices, but there’s no escaping the fact that stealing financial data at this level isn’t as profitable as it used to be; with so many criminals at it, the market is becoming saturated.