A Zeus v2.0 botnet in control of more than 100,000 computers is being used to steal online bank account and card details from unsuspecting customers in the UK, according to the security firm Trusteer.

Run from Eastern Europe, the botnet has been used by criminals to gather account identities, logins, credit and debit card numbers, bank statements, even browser cookies, all so that the data harvested from the keylogger virus can be used for fraudulent ends.

The scam was discovered by Trusteer, who have alerted UK law enforcement agencies, when they gained access to the botnet’s drop servers and command and control centre, which contained the stolen information, including hundreds of thousands of identities, credentials, passwords and so forth. One of the four major UK High Street banks is believed to be the focus of the attack.

“This is just one out of many Zeus 2.0 botnets operating all over the world,” says Amit Klein, Trusteer’s chief technology officer. “What is especially worrying is that this botnet doesn’t just stop at user IDs and passwords. By harvesting client side certificates and cookies, the cybercriminals can extract a lot of extra information on the user, which can be used to augment illegal access to those users’ online accounts.”

“Coupled with the ability to remotely control users’ machines, download data and run any file on them, this means that the fraudsters can insert partial or complete internet pages into a live web session, enabling them to inject transactions at will or extract even more data from the hapless victims,” he added.

This is another example , claims Klein, of the growing trend towards regional malware where cybercriminals operate targeted and segmented attacks on users, harvesting revenue from one bank’s users on one day, and, as that bank’s security systems ramp up, moving on to another regional bank the next day; in this case the UK has been targeted.

• In other news, the Metropolitan Police’s Central e-Crime Unit (PCeU) arrested six people in London who stole millions of pounds after phishing the personal details of in excess of 20,000 people across the UK and Ireland. The Irish Garda was involved in the investigation, which included a raid on a property in County Meath, Ireland, as part of the wider Operation Dynamophone investigation that is targeting a network of fraudsters.

According to the PCeU, 10,000 online bank accounts and the same number of credit card details were stolen in the UK by the criminal gang. The former resulted in £358,000 in stolen proceeds, with many more millions unsuccessfully targeted by the fraudsters, while card losses could run into the millions.

Share Story: