Zeus Trojan adds investment fraud to its arsenal

A new variation of the Zeus Trojan is targeting victims through credible-looking adverts, shown on major websites, that offer high rates of return on investments.

The malicious advertising, or malvertising, has shown up on leading and trusted websites including Amazon, Apple, CNN and AOL.

Adding investment fraud to its bag of tricks is a new twist for Zeus, says Amit Klein, chief technology officer at security firm Trusteer.

"These attacks are designed to lure people into investing their money through a very convincing and professional-looking website, https://ursinvestment.com, which is a fraud," he says.

Trusteer traced several examples of this Zeus configuration file to attacks on leading websites that all redirect to https://ursinvestment.com.

"We were surprised to see how well integrated the banner designs were with the attacked websites," says Klein.

In a very sophisticated attack against Forbes.com, the cybercriminals injected a compelling overview of the fictitious URS Investment Fund.

"They offer wealthy individuals the opportunity to achieve extremely high rates of return through a 'prestigious' investment program. The content developed for this attack establishes a new standard of credibility by fraudsters," says Klein.

In a similar attack against the Yahoo Finance pages, the fraudsters actually claim that URS has established a partnership with Yahoo.

Like the injected code, the URS Investment Fund website is professionally designed and user friendly, with a simple registration process, says Klein.

Upon registration, users are prompted to upload funds through a Bank Wire Transfer or using Western Union. Next, users are asked to choose an investment.

Three options are presented in significant detail for minimum investments of $1000, $5000, and $10,000, including investment schedules, interest rate of return, and lump sum profits, says Klein.

According to Trusteer, the attack is noteworthy for the level of sophistication and depth and breadth of content that the criminals have developed to make the scam appear legitimate and believable.

"Unlike many Zeus attacks, this is less about the attack code and all about selling the fraud scheme," says Klein.

With attack code already developed to the point where it can convincingly mimic real websites and trusted brands, he says, it appears criminal groups are bulking up investments in marketing communications to make their scams harder to differentiate from legitimate business offers presented to web users.

"Without the ability for average web users to spot fraudulent offers, e-commerce may be threatened. As a result, technology that secures web sessions and transactions must fill the void," says Klein.
