Zeus attacks targeting financial investment market

New variants of the Zeus malware package are being used in an attack targeting financial investors.

Security vendor Trusteer said in a recent report that samples of the malware have been spotted in connection with URS Investment Fund, a phoney investment site which seeks to trick users into uploading money transfers to an account controlled by the attacker.

The attack uses the ability of Zeus to locally alter HTML files on infected machines, allowing attack code to be presented on otherwise safe web pages.

In this case, the malware has been injecting pages with bogus banner ads attempting to lure people to the URS Investment Fund site.

Popular news and financial sites such as Forbes, AOL, Citibank and Amazon have all been targeted.

"This new attack is noteworthy for the level of sophistication and depth and breadth of content that the criminals have developed to make the scam appear legitimate and believable," said Trusteer chief technology officer and head of research Amit Klein.

"Unlike many Zeus attacks, this is less about the attack code and all about selling the fraud scheme."

The incident is the latest in a long-running legacy of financial attacks and scams connected to the Zeus malware family. Known for its ease of use, Zeus has become popular with cyber criminals for phishing and financial fraud operations.

Paula Musich, a senior analyst for enterprise networking and security at Current Analysis, said that Zeus and other recent malware outbreaks are causing some enterprises to scramble for new security protection.

Musich told V3.co.uk that, rather than invest time in properly educating staff to avoid phishing and social engineering attacks, companies are looking for software solutions to protect against attacks.

"I don't think it has changed enterprise mentality, as much as sent them looking for another technology," she said. "The mindset is to see if they can't find some 'silver bullet' technology."