
New variant of Zeus targets logins for cloud-based systems


A new variation of the Zeus banking Trojan has been detected, targeting users of cloud-based billing companies.

Researchers at Trusteer said that the new variant of the data-stealing malware affects customers of cloud billing service providers such as Ceridian, a Canadian human resources and payroll firm.

Trusteer's Amit Klein said: “These attacks are designed to route funds to criminals, and bypass industrial-strength security controls maintained by larger businesses. In the attack on Ceridian, Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user (whose machine is infected with the Trojan) visits this website. This allows Zeus to steal the user ID, password, company number and the icon selected by the user for the image-based authentication system.”

Trusteer claimed that this type of attack saw the Metropolitan Entertainment & Convention Authority lose $217,000 last year after an employee was targeted by a phishing email and infected with malware that stole access credentials to the organisation's payroll system.

Trusteer said this type of attack would become more prevalent because targeting enterprise payroll systems allows an attacker to gain more money than targeting an individual. It would also not raise many red flags, as valid login credentials are used. And because the target is a cloud service provider, the enterprise customers who use the service have no control over the vendor's IT systems and thus little ability to protect their backend financial assets.

It also said that cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by financial malware, such as Zeus.

Yishay Yovel, vice-president of marketing at Trusteer, told SC Magazine US that this is an attempt to go into different fields as enterprises are trending toward the cloud for their services.

However, he said that blame should not be put on the service providers: “The user systems are compromised, not the banks or the cloud services. Ultimately, financial fraud occurs.”

Last month, Microsoft was able to disrupt command and control servers used by Zeus, but warnings were made that the threat had not gone away altogether.

There were also suggestions this week that the creator of the SpyEye Trojan had died recently; a tweet by internet security research firm Team Cymru said the co-author of the malware, 'Krabz', had died of an overdose three weeks ago. It was rumoured that Zeus and SpyEye had merged in 2010.
