Zeus botnet plunders nearly 100,000 UK user credentials


Zeus botnet plunders nearly 100,000 UK user credentials

Warwick Ashford

Security firm Trusteer has uncovered a large Zeus version 2 botnet being used for financial fraud in the UK.

"This is just one out of many Zeus 2 botnets operating all over the world," says Amit Klein, Trusteer's chief technology officer.

The Eastern Europe-based botnet is controlling more than 100,000 infected computers, 98% of them in the UK, the firm said.

The criminals behind the botnet have been harvesting all kinds of potentially lucrative and revenue-producing credentials, Trusteer said.

This includes account IDs, login information to banks, credit and debit card numbers, account types and balances, bank statements, browser cookies, client side certificates, login information for e-mail accounts and social networks and even FTP passwords.

"What is especially worrying is that this botnet doesn't just stop at user IDs and passwords," said Klein.

By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user, that can be used to augment their illegal access to those users' online accounts, he said.

Trusteer discovered the extent of the botnet when researchers gained access to the botnet's drop servers and command and control centre.

Researchers also found that the interface used by the fraudsters to manage the botnet enables them to monitor the growth of the botnet very accurately, search all traffic generated by the bots, and push updates and other executables to specific bots or to the entire botnet.

Trusteer is working with UK law enforcement agencies to bring the criminals to justice and with the UK's main banking institutions to detect and mitigate attacks.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy