Zeus Malware Returns, This Time on Facebook

Dennis Faas's picture

The Zeus malicious software tool, which is designed to steal bank account information, is reportedly making a resurgence. This time Zeus is being spread through misleading Facebook pages.

The Zeus malware, which has been circulating for roughly six years, poses as a legitimate file and tricks victims into installing it on their PCs. It then waits until a victim logs into an online banking site before using keylogging tools to capture log-in details.

With enough information, the people behind Zeus can empty bank accounts.

Malware Targets Bank Accounts, Social Security Numbers

To make things worse, Zeus is sometimes set up to show bogus versions of the banking site, encouraging users to hand over other personal details, such as social security numbers.

Historically, such malware has been spread via emails containing a bogus link or malicious attachment.

Now, it seems the scammers -- thought to be a Russian criminal group -- are targeting Facebook. However, they aren't using the typical Facebook tactic of tricking users into sharing infected links with their friends.

Instead, the links are being posted on popular and very legitimate-looking Facebook pages. At the moment, it appears scammers are using fake pages about National Football League (NFL) teams and topics to fool victims. (Source: nytimes.com)

Zeus Trojan Getting More Sophisticated

Security firm Trend Micro says the current version of Zeus has been modified to make it more difficult to detect and remove.

In the past, it created a folder on the victim's computer to store the data it collected. The current version not only creates two different folders, but gives them randomly generated names. (Source: trendmicro.com)

Zeus also tampers with Windows' built-in security settings, making it difficult for the user to access popular security-related websites. This means it's important to have strong anti-malware protection in place, experts say.

Rate this article: 
No votes yet