A faster-spreading polymorphic version of the Zeus online banking password-stealing Trojan is targeting computers in the US and UK, a web security company has warned.
The new version of Zeus has been detected on one in every 3,000 computers monitored by the Trusteer Rapport service, the firm said. This is an unprecedented rate of distribution for new financial malware code, with Zeus version 1.4 targeting Firefox as well as Internet Explorer browsers.
The completely redesigned malware is using advanced polymorphic techniques to avoid antivirus detection and supports HTML injection and transaction tampering for Firefox to bypass authentication processes, according to Trusteer.
"We expect this new version of Zeus to significantly increase fraud losses, since nearly 30% of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," said Amit Klein, chief technology officer at Trusteer and head of the company's research organisation.
The company has alerted financial institutions and is recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place.
Zeus, the most prevalent financial malware, typically infects PCs and then waits for the user to log on to one of a list of targeted banks and financial institutions, at which point it steals their credentials and sends them to a remote server in real time.
The malware can also modify genuine web pages from a bank's web servers to ask for personal information such as payment card numbers and personal identification numbers.
According to Trusteer, antivirus detection of Zeus has a poor track record, with up-to-date antivirus software installed on 55% of PCs infected in 2009.