The ZeuS malware is coming of age and the infections are going to get a lot worse, says Trusteer, the secure browsing services specialist. ZeuS malware has already been pushed extensively to users of Web 2.0 and/or social networking sites plus services such as Facebook, Twitter and, most recently, to users of the business social networking site, LinkedIn.

Malware is also being modified by cybercriminals using coding toolkits to attack smartphone users. Recent postings by our IT security colleagues at S21sec about ZeuS targeting smartphone users are just the tip of the iceberg when considering the potential of these attacks.

ZeuS Mitmo

The spread of Zeus into mobile platforms marks the beginning of a new era of malware mobility. What’s dangerous in this approach is that the same malware controls two communication channels, the PC and the mobile device, and as a result can launch extremely effective attacks against banks and organizations that rely on these two channels for authentication and transactions.

Many enterprises rely on two-factor authentication to protect against unauthorized remote access to their networks and sensitive corporate applications. Malware such as Zeus, which can reside both on the PC and the mobile device, can easily bypass these protections. For online banking the potential of the attack extends way beyond authentication.

Criminals can also control incoming voice calls and re-direct them to the attackers. So when the bank detects a suspicious transaction and calls the customer for confirmation, the criminals can pick up the phone on the other side and do that on behalf of the customer. By controlling both the phone and the PC criminals achieve devastating power. Frankly, I’m amazed that it took them so much time to do this.


Social networks are easy targets for malware. As a LinkedIn user I’ve received a few email alerts where I didn’t really know if they were genuine or not. The first thing you want to do when you get a LinkedIn invite from someone you’re not sure you know is to click the View Profile link embedded in the email. These emails also include links to accept and reject invitations.

LinkedIn is not alone here: many of the social networks send emails with links, and even experienced users may be fooled into clicking a link in one of these really well-crafted emails. Once the criminals gain control of a social network account they have access to the victim’s list of friends, and they can send out more targeted messages to these friends, raising the risk of infection even higher.

Targeting social network users for distributing financial malware is a smart move for the criminals. These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus is installed on the user’s computer, the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim’s computer. To defend against Web 2.0 attacks like this, enterprises and users need to use secure browsing services in addition to gateway-level firewalls, antivirus and anti-spam defenses.