ZuesBot Makes its rounds through Credit Unions



A flurry of zuesbot attacks have been occurring at credit unions throughout the country. All credit unions should provide a warning and information to their members.



Zuesbot is a particularly nasty malware that is bypassing top AntiVirus / Malware scanners.





Once infected it waits for the user to login to their online banking, logs the credentials, then pops up a screen that asks the user to further verify their login by entering their credit card data.  All information gathered is sent back the the attackers





While some users may be skeptical and not enter their data, the damage is already done. The online banking credentials have been compromised.



So, if you have members reporting this, the only recourse is to shut down their machine, change the online banking account passwords, look for changes to the account, wipe and reload the user's machine.



After receiving notification, CUISPA issued an alert to its registered members and identified dozens of cases throughout the country.



This is a variant of the same attack that is making news in the ACH world.





Corporations unsuspectingly download the Zuesbot malware, which waits for access to the company's online banking site. At which time the attacker takes over to leverage the ACH capabilities of the company.





Shall we all reconsider stronger one time use / out of band authentication?



View Full CUISPA REPORT by logging onto ALERTS.CUISPA.ORG view the Alerts Forums 





CUs Warned about Security-Skirting Malware



Posted by John B. Frank Wednesday, January 13, 2010

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers