By Elinor Mills
August 10, 2010
Consumers and businesses in Great Britain have lost more than $1 million
so far this summer from a Trojan that is infecting their computers,
prompting them to log into their bank accounts, and then is
surreptitiously transferring money to scammers in other countries,
security researchers said on Tuesday.
About 3,000 bank accounts were found to be compromised at one financial
institution, which was not identified, according to a white paper
released by M86 Security.
The multilevel scheme uses a combination of a new version of the Zeus
keylogger and password stealer Trojan, which targets Windows-based
computers and runs on major browsers, and exploit toolkits to get around
anti-fraud systems used at bank Web sites, the report found.
Bank sites that offer two-factor authentication, such as one-time
passcodes and ID tokens, are ineffective because the malware has taken
over the browser after the victim has logged into the banking site,
Bradley Anstis, vice president of technology strategy at M86 Security,
Visit InfoSec News!