A new version of the data-stealing trojan Zeus is for the first time able to successfully exploit Mozilla's Firefox browser to commit sophisticated online banking fraud, according to security firm Trusteer.
Zeus, the most prevalent type of financial malware on the internet today, is known for stealing bank account information from its victims. But previous versions of the malware were unable to bypass the security defenses, such as strong layers of authentication, used by banks when a user was on Mozilla's browser, Mickey Boodaei, CEO of Trusteer, told SCMagazineUS.com. The newest Zeus incarnation targets Firefox browsers with techniques called HTML injection and transaction tampering, which can effectively bypass strong authentication and transaction signing.
"We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," Amit Klein, CTO of Trusteer and head of the company's research organisation, said in a statement.
In an email sent to SCMagazineUS.com, a spokesperson at Mozilla said that Zeus is not exploiting a vulnerability within Firefox, but is installed once a system has already been compromised.
"Once malware like Zeus is on a user's system, every application they use is at risk," the Mozilla spokesperson said.
Previous versions of Zeus had fairly limited capabilities for Firefox compared to those for Microsoft's Internet Explorer (IE) browser, Boodaei said. On Firefox, for example, the trojan previously was not capable of changing a bank's login page or altering a user's online transactions. As a result, most fraud incidents associated with Zeus have been sustained by users of IE.
"As long as you worked with Firefox, until now, Zeus had very limited capabilities and the result was that no fraud was committed on your account," Boodaei said.
This variant of the malware is spreading rapidly via compromised websites and in spam messages, Boodaei said.
The first variants of Zeus date back to 2006, but it is still one of the most dangerous pieces of malware on the internet, he said.
"As an industry, we still don't have a solution, which is worrying," he added.