Apr 28, 2011 05:22 GMT

Researchers from secure browsing solutions vendor Trusteer came across a ZeuS variant that injects rogue advertisements on high-profile websites in order to promote a fake investment fund.

Despite no longer being actively developed, ZeuS remains the most popular crimeware toolkit for cyber fraudsters.

However, it seems that in the absence of new features, criminals are adapting the trojan's existing functionality for new purposes.

For example, its capability to inject rogue content into web pages displayed in the victim's browser was originally designed for stealing financial information by inserting rogue forms on online banking sites.

Since this functionality places no limits on what content can be injected, a cyber criminal gang has come up with a novel way to leverage it.

According to Trusteer, the gang's ZeuS variant injects rogue investment ads into trusted websites like Bing, Yahoo, Google, AOL, Amazon, Apple, CNN, Citibank, Forbes, ESPN and others.

The ads promise very high interest rates and claim the investment program is endorsed by the company owning the site where they are displayed.

"We want to inform you that recently, our company began to cooperate with URS Investment Fund. This is a great success for our company. Due to the investments of this company, we were able to expand its capabilities," users can read on a page shown when clicking a rogue ad injected in Yahoo's site.

The rogue investment fund website, which has since been taken offline, looked professionally designed, had a valid SSL certificate and allowed users to register accounts. This makes it much more sophisticated than common scam websites.

After registration, users are asked to upload funds through bank wire transfers or Western Union and make investments of $1,000, $5,000 and $10,000 into the program of their choice.

"This new attack is noteworthy for the level of sophistication and depth and breadth of content that the criminals have developed to make the scam appear legitimate and believable. Unlike many Zeus attacks, this is less about the attack code and all about selling the fraud scheme," Trusteer's chief technology officer, Amit Klein, notes.

[Images: ZeuS trojan injects investment fraud ads in high profile websites; rogue investment ads inserted by ZeuS into Bing and Google pages]