New Malware Strain Poses Serious Threat to Facebook and Gmail Users
Posted July 3, 2012
ThreatMetrix Finds that New Variant of the Zeus Trojan Turns Login Pages into Credit Card Traps
San Jose, CA – July 3, 2012 – ThreatMetrix™, the fastest-growing provider of integrated cybercrime prevention solutions, announced a new strain of Zeus malware that puts Facebook and Gmail users at high risk for cybercrime. This new variant steals credit card information by posing as the typical login pages for Facebook and Gmail and then asking users to enter credit card credentials.
ThreatMetrix identified this strain as a new variant of the peer-to-peer (P2P) version of the notorious Zeus Trojan. It poses intensified risk for Facebook and Gmail users due to its unusually cunning behavior, catching victims off-guard by waiting to attack until after a website’s login page appears to be functioning normally. After the user logs in, fraudulent pages appear personalized with the victim’s information and request credit card information, posing as genuine assets of Facebook or Gmail.
“Today’s cybercriminals are rapidly evolving to surpass some of the most advanced malware and cybercrime automatic detection routines,” said Andreas Baumhof, chief technology officer, ThreatMetrix. “Recently, social media platforms have taken to monetizing their sites. Facebook now has Facebook Credits, while Google’s Checkout is widely used by many online vendors.
Online businesses need to take the proper steps to protect their users from these attacks.”
ThreatMetrix tracked this strain of attacks on sites like Facebook and Gmail, formulating a list of common scams consumers need to be aware of:
• ”Transferring Facebook Credits to your bank account is now available!”
• “Earn up to 20 percent cash back purchasing Facebook Credits with your MasterCard or Visa debit card.”
• “Link your debit card right now with your Google Mail account to pay simply and securely at more than 3,000 stores online.”
For more information on the new strain of Zeus Malware, ThreatMetrix Labs reports are available at https://www.threatmetrix.com/threatmetrix-labs/threatmetrix-labs-reports/.
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.
Walker Sands Communications