ZeuS Starts Targeting Online Payment Service Providers

Security researchers have found evidence that fraudsters using the ZeuS banking trojan are increasingly targeting services that facilitate online payments in real or virtual currencies.

Malware analysts from Trusteer, a provider of secure browsing solutions, have detected moneybookers.com in the configuration of 26 different ZeuS samples.

Moneybookers is an UK-based online payment services provider similar to PayPal, which is relatively popular on the European market.

Trusteer's chief technology officer, Amit Klein, says the number of ZeuS configurations specifying Moneybookers as a target is not too different than of those mentioning popular banks.

"This usually indicates that fraudsters have a solid business around this target," the security researcher notes.

Another target is WebMoney, an electronic money payment system with over 11 million users. The service was originally aimed at Russian-speaking users, but it can now be used worldwide.

WebMoney is commonly being used by cybercriminals in their dealings because it allows a high level of anonymity for transactions.

Trusteer has seen wmtransfer.com (WebMoney Transfer) specified in 13 different Zeus configurations, the lastest being on January 16th, which suggests this is an active target.

Another UK online payment company called Nochex (nochex.com), which caters mainly to small and medium sized businesses, was also spotted in recent ZeuS configurations.

Klein explains that these three providers have already been targeted for months now, but as of late, new services began appearing in ZeuS configurations.

One of them is a prepaid card provider called netSpend (netspend.com), which allows customers to credit their accounts using several methods and then pay with a netSpend-issued card online.

Another newcommer to the ZeuS target list is e-gold, a company known for being accused and investigated by the US government for enabling money laundering. It has was seen in 16 ZeuS configurations so far.

"We believe this trend of targeting online payment providers will continue as more retailers allow these alternate payment methods with their web sites," Trusteer warns.