Skip the navigation

Zeus hackers could steal corporate secrets too

By Robert McMillan
October 9, 2010 10:08 AM ET

IDG News Service - Criminals who use the Zeus banking crimeware may be working on an new angle: corporate espionage.

That's what worries Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham, who has been closely monitoring the various criminal groups that use Zeus. Zeus typically steals online banking credentials and then uses that information to move money out of Internet accounts. In the past year, however, Warner has seen some Zeus hackers also try to figure out what companies their victims work for.

In some cases, the criminals will pop up a fake online bank login screen that asks the victim for a phone number and the name of his employer. In online forums, he's seen hackers speculate about how they might be able to sell access to computers associated with certain companies or government agencies.

"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization."

That's worrisome because Zeus could be a very powerful tool for stealing corporate secrets. It lets the criminals remotely control their victims' computers, scanning files and logging passwords and keystrokes. With Zeus, hackers can even tunnel through their victim's computer to break into corporate systems.

There are other reasons why Zeus's creators might want to know where you work, however. They could simply be trying to figure out whose data is the most valuable, said Paul Ferguson, a security researcher with Trend Micro. "A welding business might make more money, than say, a Girl Scout troop," he said via instant message.

Still, Ferguson believes that the crooks could make money by selling access to computers belonging to employees of certain companies. "I haven't personally seen that, but these guys are pretty devious."

This type of targeted corporate espionage has become a big problem in recent years, and many companies, including Google and Intel, have been hit with this type of attack.

Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't put an end to the problem. Zeus is widely sold for criminal use, and security experts say that there are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm outbreak is thought to be the largest Zeus outfit still in operation.

If Zeus operators really do start promoting their crimeware as corporate back-doors -- and Warner believes this is already happening -- that could mean new problems for corporate IT.

The biggest issue would be for home computers and laptops that are outside of corporate firewalls that still have access to company data via the Internet. Those systems could suddenly become a risk for IT staffers, Warner said.

Reprinted with permission from IDG.net. Story copyright 2014 International Data Group. All rights reserved.
Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!