Security firm warns of UK-specific Zeus 2.0 botnet

The Zeus 2.0 botnet is harvesting a wide range of personal data via phishing attacks

Trusteer claims to have found the first instance of a pure Zeus 2.0 botnet, which it said is targeting customers of UK financial institutions.

The security firm discovered the botnet during a six-month study of Zeus 2.0, and said that it is the first of its kind to be built solely on the emerging botnet. However, the company explained that there are other instances around.

Mickey Boodaei, chief executive at Trusteer, said that the botnet specifically targets UK citizens and their financial information.

Zeus 2.0 gathers typical information like log-ins and passwords for banking sites, but also harvests data that could be used for social engineering, such as place of work and job role.

"It's very focused. It's targeting the UK market, its financial institutions and its citizens," said Boodaei.

The botnet steals credit and debit card numbers, banking site log-ins, bank statements, passwords, FTP passwords, certificates and cookie information, representing a major threat to financial services customers, according to Trusteer.

"What is especially worrying is that this botnet doesn't just stop at user IDs and passwords," said Amit Klein, chief technology officer at Trusteer.

"By harvesting client-side certificates and cookies, the cyber criminals can extract a lot of extra information that can be used to augment their illegal access to those users' online accounts."

The botnet is easily searchable, added Boodaei, and has a "Google-like interface" that can be used to drill down into results, searching for users of a particular bank, for example.