IDG News Service - Criminals who use the Zeus banking crimeware may be working on an new angle: corporate espionage.
That's what worries Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use Zeus. Zeus typically steals online banking credentials and then uses that information to move money out of Internet accounts. In the past year, however, Warner has seen some Zeus hackers also try to figure out what companies their victims work for.
In some cases, the criminals will pop up a fake online bank login screen that asks the victim for a phone number and the name of his employer. In online forums, he's seen hackers speculate about how they might be able to sell access to computers associated with certain companies or government agencies.
"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization."
That's worrisome because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems.
There are other reasons why Zeus's creators might want to know where you work, however. They could simply be trying to figure out whose data is the most valuable, said Paul Ferguson, a security researcher with Trend Micro. "A welding business might make more money, than say, a Girl Scout troop," he said via instant message.
Still, Ferguson believes that the crooks could make money by selling access to computers belonging to employees of certain companies. "I haven't personally seen that, but these guys are pretty devious."
Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't put an end to the problem. Zeus is widely sold for criminal use, and security experts say that there are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm outbreak is thought to be the largest Zeus outfit still in operation.
If Zeus operators really do start promoting their crimeware as corporate back-doors -- and Warner believes this is already happening -- that could mean new problems for corporate IT.
The biggest issue would be for home computers and laptops that are outside of corporate firewalls that still have access to company data via the Internet. Those systems could suddenly become a risk for IT staffers, Warner said.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!