Zeus botnet compromises 3,000 UK bank accounts

UK banks will be growing nervous at the increasing numbers of attacks targeting their online banking customers

Security experts have uncovered yet another Zeus attack targeted at the customers of a specific UK bank, which has compromised over 3,000 accounts and transferred in excess of £600,000 from victims' accounts to its creators.

M86 Security revealed that customers of the UK-headquartered financial company, which it refuses to name, have so far been hit for £675,000 by the Zeus v3 attacks.

The web-based malware infects the unprotected desktops of users visiting certain infected web pages, installing a browser plug-in which pops up to ask the user to log-in to their bank, according to M86 vice president of technical strategy Bradley Anstis.

It then cleverly checks the account balance of the user and, if it is over £800, will proceed to issue a money transfer transaction.

"At least 3,000 accounts have been compromised and this dates back to 5 July. We are working with the bank and law enforcement and the investigation is ongoing," he said.

"The problem with this type of malware is that it's all for sale just like Microsoft Word is at Dixons. You don't need a degree in computer science to get started."

This kind of man-in-the-browser attack will circumvent traditional two-factor authentication devices, so bank customers should use safe browsing tools to avoid infection and keep a close eye on their account activity for any unusual behaviour, said Anstis.

Zeus is proving to be a headache for UK banks. Just last month security firm Trusteer claimed to have discovered a Zeus 2.0 attack aimed at gathering information like log-ins and passwords for banking sites.