The security company Trusteer has come across a variant of Zeus that seeks to trick Facebook, Yahoo, Gmail and Hotmail users in order to steal their debit card details. This Trojan is designed to steal all kinds of information, mainly banking information, using various techniques.
One of them consists of injecting fake elements into web pages to request confidential information. This happens only on the computers of infected users and is usually difficult to detect with the naked eye (see example of a modified bank page).
Let's look at the Facebook example. When victims access their profile, they are shown a fake form asking for their card information under the pretext of obtaining a 20% discount on the purchase of credits.
Although it may look suspicious, the deception is much more credible because the form appears within the Facebook page itself, as just another element.
Something similar happens with the Gmail, Yahoo and Hotmail webmail services; all the screenshots can be seen on the Trusteer blog. In this case, the pretext for requesting the information is a supposed new service that would link cards to e-mail accounts and thereby make online payments faster and safer.
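One way a site operator or analyst could spot this kind of injected form, as an added example that is not from Trusteer or the original post: compare the form fields of the page as rendered in a clean browser with a DOM snapshot taken on the user's machine. The sample pages, field names and keyword list are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed hint list: field labels that suggest payment-card data.
CARD_HINTS = re.compile(r"card|cvv|cvc|exp", re.I)

class FieldCollector(HTMLParser):
    """Records a (form action, field label) pair for every form control."""
    def __init__(self):
        super().__init__()
        self.action = "-"          # "-" means the control sits outside any <form>
        self.fields = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action") or ""
        elif tag in ("input", "select", "textarea"):
            label = a.get("name") or a.get("id") or a.get("placeholder") or ""
            self.fields.add((self.action, label))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = "-"

def collect(html):
    parser = FieldCollector()
    parser.feed(html)
    parser.close()
    return parser.fields

def injected_fields(baseline_html, observed_html):
    """Controls in the observed DOM that the clean baseline does not have,
    as (form action, label, looks_like_card_data) tuples."""
    extra = collect(observed_html) - collect(baseline_html)
    return sorted((act, name, bool(CARD_HINTS.search(name))) for act, name in extra)

# Constructed sample pages (not taken from the Trusteer report).
BASELINE = """<form action="/status/update"><textarea name="status"></textarea>
<input type="submit" name="post"></form>"""
OBSERVED = BASELINE + """<div><p>Get 20% off credits</p><form>
<input name="card_number"><input name="cvv"><input name="exp_date">
<input name="billing_zip"></form></div>"""

if __name__ == "__main__":
    for action, name, card in injected_fields(BASELINE, OBSERVED):
        print(f"unexpected field {name!r} (form action {action!r}) card-like={card}")
```

Any field missing from the baseline is worth reviewing, not only the card-like ones, since the hint list is only a heuristic.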
Zeus has been much talked about in recent years. Cybercriminals have paid thousands of dollars for customized versions of the kit, which suggests that the profits they obtain are quite large. Last year its source code was stolen, began to circulate on various forums, and today anyone can download it. This allowed researchers to analyze it in depth and, of course, allowed many attackers to create their own modified versions.
In March of this year, in an operation led by Microsoft, several servers located in the United States that were used as C&C (command and control centers) were seized. Of course, this did not end the reign of Zeus: there are active servers scattered across the globe (see zeustracker.abuse.ch), but several botnets were successfully dismantled.
See also: Variant of Zeus that does not infect slow computers. ZitMo, the Zeus mobile version strikes again.