Zeus Hackers May Harvest Business Info

Criminals who use the Zeus malware may be working on a new angle: corporate espionage.

Zeus typically steals online banking credentials. But Gary Warner, computer security researcher at the University of Alabama, said that the criminal groups that use Zeus have started trying to find out where their victims are employed.

Sometimes the malware will pop up a fake online bank log-in screen that asks the victim for the name of his employer. Warner said that in online forums, hackers recently speculated that they might be able to sell access to computers associated with certain companies or government agencies.

"They want to know where you work," he said. "Your computer may be worth exploring more deeply because it may provide a gateway to the organization."

Zeus could be a powerful tool for stealing corporate secrets, because it lets the criminals remotely control victims' computers, scan files and capture passwords and keystrokes. With Zeus, hackers could tunnel through the victim's computer to break into corporate systems.

Warner said the biggest threat is that Zeus could infect employees' home PCs and laptops that are outside the corporate firewall but have access to company data.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Copyright © 2010 IDG Communications, Inc.

How to supercharge Slack with ‘action’ apps
  
Shop Tech Products at Amazon