New Zeus malware attacks Smart phone and LinkedIn users

London, September 29, 2010 – The ZeuS malware is coming of age and the infections are going to get a lot worse says Trusteer, the secure browsing services specialist. ZeuS malware has already been pushed extensively to users of Web 2.0 and/or social networking sites plus services such as Facebook, Twitter and, most recently, to users of the business social networking site, LinkedIn. Malware is also being modified by cybercriminals using coding toolkits to attack smartphone users. Recent postings by our IT security colleagues at S21sec about ZeuS targeting smartphone users are just the tip of the iceberg when considering the potential of these attacks.

ZeuS Mitmo.

“The spread of Zeus into mobile platforms marks the beginning of a new era of malware mobility,” said Mickey Boodaei, Trusteer's CEO. “What's dangerous in this approach is that the same malware controls two communication channels - the PC and the mobile device and as a result can launch extremely effective attacks against banks and organizations that rely on these two channels for authentication and transactions.”

“Many enterprises rely on two-factor authentication to protect against unauthorized remote access to their networks and sensitive corporate applications. Malware such as Zeus which can reside both on the PC and the mobile device can easily bypass these protections. For online banking the potential of the attack extends way behind authentication. Criminals can also control incoming voice calls and re-direct them to the attackers. So when the bank detects a suspicious transaction and calls the customer for confirmation, the criminals can pick up the phone on the other side and do that on behalf of the customer.

By controlling both the phone and the PC criminals achieve devastating power. Frankly, I'm amazed that it took them so much time to do this,” continued Boodaei.


“Social networks are easy targets for malware. As a Linked In user I've received a few email alerts where I didn't really know if they're genuine or not. The first thing you want to do when you get a Linked In invite from someone you're not sure you know is to click the View Profile link embedded into the email. These emails also include links to accept and reject invitations,” said Boodaei.

Linked In are not alone here and many of the social networks send emails with links and even experienced users may be fooled into clicking one of these really well crafted emails. Once the criminals gain control of a social network account they have access to the victim's list of friends and they can send out more targeted messages to these friends, and raise the risk of getting infected even higher.

“Targeting social network users for distributing financial malware is a smart move for the criminals. These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus installed on the user's computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim's computer, said Boodaei.”

To defend against attacks web 2.0 attacks like this enterprises and users need to use secure browsing services in addition to gateway level firewalls, anti-virus and anti-spam defences. Trusteer works directly with leading banks around the world to identify targeted online banking attacks such as Zeus, block them, and remove them from your computer.

Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its array of services. Trusteer enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer also allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 70 leading financial organizations in North America and Europe and by more than 12 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. Follow us on For more information about our products and services, please visit

Source: Eskenzi PR Ltd.