C&C server hosted in Serbia

Mar 24, 2010 15:26 GMT

Security researchers from antivirus vendor Trend Micro have identified a variant of the infamous ZeuS computer trojan that targets large banks located in Italy, Germany, France and the United Kingdom. Its command and control server has been traced to a host in Serbia that was previously used in other cyber-criminal activities.

According to Trend Micro, amongst the targeted financial institutions are Banca di Roma (Bank of Rome), a subsidiary of UniCredit Group, which dominates the Central and Eastern European markets; Abbey National, the UK bank recently rebranded to Santander after its parent, Grupo Santander, one of the largest banking groups in the world; HSBC, the world's leading banking group with a very strong presence in Europe; Crédit Mutuel, a major French retail bank; and the FIDUCIA Group, Germany's top provider of IT services for credit unions and other financial organizations.

"At this point, we do have the data that show that these banks are indeed being currently targeted. We are including some names of the banks here to make people aware," commented Ivan Macalintal, advanced threat researcher with the antivirus vendor.

Computers infected with this ZeuS variant, detected as TROJ_ZBOT.BYP by Trend Micro, contact two domain names hosted on a Serbian server. According to the security company, this server is known to have hosted domain names used in scareware distribution or spam campaigns in the past.

ZeuS, also known as Zbot, is one of the biggest malware threats currently circulating on the Internet. There are hundreds of ZeuS variants in the wild at any given time, because the trojan client is highly customizable and is being generated with a crimeware toolkit sold to cybercrooks on the underground market.

Zbot is capable of stealing login credentials for a wide array of account types, from social networking to webmail and FTP. However, by far the most targeted information is online banking passwords and credit card details entered into Web forms.

The latest iteration of the crimeware platform can cost as much as $4,000, but it can also be extended through a series of independently developed and sold modules. Such add-ons are available for prices between $500 and $10,000, depending on their functionality.