The well-read UK security news site The Register is carrying a story detailing how the operators of the Zeus botnet planted their sophisticated malware on thousands of UK bank customers’ computers, stole log-in information then raided the accounts for more than $1 million with the help of money mules.

Bradley Anstis, vice president of technical strategy for M86 Security, which discovered the attack several weeks ago, told The Register that his company is providing information to the bank involved as well as law enforcement officials.

He said the M86 identified the botnet a command and control server — hosted in Moldova — and downloaded log files from it.

“It also found that the exploit pack used to seed the attack had claimed a much larger number of victims – as many as 300,000 machines. The vast majority were Windows boxes, but 4,000 Mac machines were also hit.

“The logs also revealed that 3,000 online banking accounts had been victimised between 5 July and 4 August alone,” The Register said.

Story here.

This should be the big wake-up call for Mac users: it’s time to run an anti-virus application and firewall.

We’re NOT going to get into the ever-raging fight about the intrinsic security of Macs vs. Windows. Banking Trojans like the one responsible for this million-dollar rip-off are operating-system neutral. They get installed when the person USING the machine gets social engineered into running an installer. Mac OS will not protect users from themselves these highly-sophisticated and ever-evolving schemes that snatch bank login information.

Bank customers might consider the following:

  • Install an anti-virus application and firewall on your machine (Macs too) and keep them updated.
  • Small businesses might consider having a machine dedicated to banking transactions that is NOT used for routine email or web browsing. Access to the machine should be limited to employees who need to interact with the bank account.
  • If your banking transactions are fairly simple, use your bank’s phone-banking system (if one is available) to do your banking.