Saturday, October 17, 2009

ZeuS Turns Smash & Grab Into Grab & Smash

Brian Krebs writes on Security Fix:

Imagine being in charge of your organization's finances, and learning from your bank one morning that thieves had stolen tens of thousands of dollars from company coffers overnight using your online banking credentials. Now imagine your frustration when you go to log in to your PC to assess the damage, only to find that the computer you typically use to access the account has been kneecapped by the bad guys.

This is precisely what happened to Kathy Dake, office manager for St. Isidore Catholic Church in Danville, Calif. Dake had infected her PC with the Zeus Trojan after opening a malicious e-mail disguised as notice from the IRS about "unreported income".

The thieves used Zeus to steal the credentials Dake uses to administer the church's bank account, and a week ago Friday she came in to work to find her computer would not boot up; Windows complained that key files had been corrupted. That same day, she also found out from her bank that in the wee hours of the morning someone had tried to transfer $87,000 out of St. Isidore's account. The attackers had instructed the bank to send the funds to more than a half dozen money mules, willing or unwitting accomplices across the country hired through work-at-home job scams.

More here.


Post a Comment

<< Home