Zeus malware preys on job seekers with 'money mule' offers

13 Jun 2013
security risk management

Researchers have uncovered a new variant of the Zeus financial malware, which looks to recruit users as money mules to process cybercrime transactions.

According to a report from security vendor Trusteer, new variants of the malware detect when a user is trying to access popular jobs site CareerBuilder and inject code into local HTML files.

First detected as a financial malware tool, the Zeus trojan installs itself on infected PCs and functions by injecting code into otherwise legitimate HTML files. The malware is set up to detect when a user is accessing a number of popular sites and to harvest account details or ask for additional personal information. The technique allows Zeus to covertly perform attacks without the need to compromise any of the actual host servers or sites themselves.

In the case of CareerBuilder, researchers have found that Zeus injects code claiming to be job offer links. Users clicking on the injected links are then taken to a third-party site, which attempts to lure users in with jobs such as mystery shopper positions.

In reality, however, experts say users are being recruited as money mules for an organised cybercrime operation. Often operating without any knowledge of wrongdoing, money mules are commonly used by malware operators to receive payments from compromised accounts then resend the money as a wire transfer or by other means of laundering.

Trusteer said in its report: “While HTML injection is typically used for adding data fields or to present bogus messages, in this case we witnessed a rare usage that attempts to divert the victim to a fake job offering.

“Because this redirection occurs when the victim is actively pursuing a job, in this case with CareerBuilder, the victim is more likely to believe the redirection is to a legitimate job opportunity.”

Because neither the CareerBuilder site itself nor any servers have been compromised, users not infected with Zeus are not in danger from the attack. Experts advise users to guard against Zeus and other malware attacks by keeping system software, browser plugins and antivirus software patched and updated.
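
An added example, not taken from the article or the Trusteer report: because the injection happens only on the infected PC, the links in the HTML the site served can be compared with the links in the copy the browser rendered, flagging any that exist only client-side and point off-site. The host names and sample pages are constructed, and how the rendered copy is collected is assumed to be handled elsewhere.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect (absolute URL, anchor text) for every <a href> in a document."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []
        self._href = None   # set while we are inside an <a href=...> element
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._href = urljoin(self.base_url, href)
                self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def collect_links(html, base_url):
    parser = LinkCollector(base_url)
    parser.feed(html)
    parser.close()
    return parser.links


def injected_links(served_html, rendered_html, base_url, trusted_hosts):
    """Links present only in the client-side copy that leave the trusted hosts."""
    served = {url for url, _ in collect_links(served_html, base_url)}
    return [(url, text)
            for url, text in collect_links(rendered_html, base_url)
            if url not in served and urlsplit(url).hostname not in trusted_hosts]


# Constructed sample data: hypothetical hosts, not values from the report.
BASE = "https://jobs.example/search"
SERVED = '<ul><li><a href="/job/101">Analyst</a></li></ul>'
RENDERED = (SERVED + '<div><a href="https://offers.example/apply">'
            "Mystery shopper wanted</a></div>")
```
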

Shaun Nichols

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
