Zeus returns: FBI warns of 'Gameover' ID-theft malware

Summary: The newest strain of the notorious Zeus malware family is capable of defeating common methods of user authentication employed by financial institutions.

A new variant of the notorious Zeus identity-theft Trojan is making the rounds and the Federal Bureau of Investigation (FBI) says it is capable of defeating common methods of user authentication employed by financial institutions.

The latest strain of the ID-theft malware, called Gameover, begins as a phishing scheme with spam e-mails -- purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC) -- that leads to malware infection and eventual access to the victim's bank account.

From the FBI warning:

The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”

Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.

follow Ryan Naraine on twitter

The FBI said the phishing lures typically include a link in the e-mail that goes to a phony website. "Once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information," it warned.

The FBI said recent investigations have shown that some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores.

The criminals contact these jewelry stores, tell them what they’d like to buy, and promise they will wire the money the next day. So the next day, a person involved in the money laundering aspect of the crime—called a “money mule”—comes into the store to pick up the merchandise. After verifying that the money is in the store’s account, the jewelry is turned over to the mule, who then gives the items to the organizers of the scheme or converts them for cash and uses money transfer services to launder the funds.

Here's a good look at how the scheme works:

Talkback

63 comments
  • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

    Where, pray tell, in my computer is my banking information?

    Thank You
    Ashtonian
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @Ashtonian It's all in the cookies.
      glide1340
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @Ashtonian The average person uses their computer to log onto their bank's website. This Trojan captures the URL & login info for their bank & (I'm assuming) sends it to the bad guys, who can then login to the victim's account & make off with their money.
      jred
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @Ashtonian Maybe there's a keylogger? I was wondering that too. Maybe if I save the bank credentials in my browser session it could be there then?
      Roger H
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @astrogeek

        It's encrypted even if it is saved in a browser cookie, which on reputable sites it is not.

        Something tells me this is ANOTHER case of 'not likely to bother the savvy internet user' who realizes that NO e-mails equivalent to the ones listed are reputable and to delete all of them.
        Lerianis10
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @Ashtonian While the information is held in cookies, it is possible to set your browser to delete cookies when you close it. This is for information besides url for bank and username/password such as a secret question. With some institutions, if you tell their system to remember your computer, the cookie information is stored in a flash file. Whenever you go to login to your bank, that flash file recreates the cookie with the secret question allowing you to access your account with only the url, username and password. Since it was said that possibly a keystroke logger is being used, I wonder if it is not safer to have the extra security information stored in a flash file as that would probably not be as easy for the hackers to get as it is not a uniform practice with financial institutions. Any comment on this?
      clyman6232
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @clyman6232@... Hi, in addition, I am assured that Trusteer Rapport (that many banks recommend), will defend against man-in-the-middle attacks, loggers, and the ZEUS trojan. Of course, with the likes of HSBC and others using 2-factor IDENT devices, this is an additional defense. TD47
        tony.davis1
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @Ashtonian
      You don't have to look as far as the cookies. Most people have their browser store the usernames and passwords for all the sites they visit. That info is easily accessible through the browser. I almost gave a co-worker a heart attack by showing him his stored ebay, paypal and banking username/passwords.
      trojdor
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @trojdor

        I don't know why he would have a heart attack, and most browsers encrypt/password protect your logins if you ask them to.

        That is what Chrome does. Firefox does that as well. I believe it's IE7+ for the win.
        Lerianis10
      • not good ones

        @trojdor - Sites with good security block browsers from remembering passwords. If your bank allows that, you should change banks.
        Greenknight_z
  • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

    Why is this news... Zeus, Spyeye and the rest have been stealing credentials for years... there seems to be nothing new here
    jezd
  • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

    Microsoft only!!
    xeniast
  • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

    Question: it would seem to me that if your system was up-to-patch, you wouldn't have any risk of infection from this?
    SuperComputerGuru
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @SuperComputerGuru
      Oh, my...Dude, you seriously need to change your poser nickname. You obviously don't have a clue.
      trojdor
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @trojdor lmao
        2WiReD
  • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

    I don't use my MSFT windows computer for investments or banking. I use my MAC.
    davisthediver
    • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

      @davisthediver@...

      Google 'Charlie Miller' and see what he says about how 'safe' your MAC is

      hint: it's easier to hack than Windows 7
      UrNotPayingAttention
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @UrNotPayingAttention

        You failed to mention from easier to hack with physical access..
        Hack through exploitation it's still safer.. As windows fans put it due to market share...
        Anthony E
      • RE: Zeus returns: FBI warns of 'Gameover' ID-theft malware

        @UrNotPayingAttention

        No. Charlie's successes have been based on social engineering type attacks, which plenty of Apple users proved they are susceptible to back with MacDefender.

        No Physical access required
        UrNotPayingAttention