lunes, 23 de agosto de 2010

Windows Users: Zeus Is after Your Money!!!!

These two months have been such a tough period of time for Windows users! Last month, the menace of W32.Stuxnet worm, which spreads through USB devices, was discovered targeting industrial manufacturing plants...
Now, the newcomer this month is the newest version of Zeus, a trojan and keylogger which apparently contains Windows-like anti-piracy technology (??!!) and has already emptied $1 million from bank accounts in the United Kingdom! Wow! It seems that now even Greek gods want to compete with Microsoft for the money that Windows users may have!
This Zeus trojan (as paradoxical it may sound...The Greek God being a Trojan??!! Oh, well!) can be obtained, according to the article, by either visiting a legitimate Web site that is secretly hosting the malware, or a site designed to host the malware, or a legitimate site hosting the malware in an advertisement. It also mentions that the primary attack came through malicious advertisements, including ads delivered by Yahoo's That's bad advertising indeed! Then, Zeus acts as a keylogger and a password stealer, but it also does more than that: it tests the victim machine for each exploit it knows in order to get a successful infection.
Ah, but there's more: "When the user accesses his or her bank Web site, the Trojan transfers the log-in ID, date of birth, and a security number to the command-and-control server. Once the user accesses the transactional section of the bank Web site, the Trojan receives new JavaScript code from the outside server to replace the original bank JavaScript used for the transaction form.

When the user interacts with the transaction form for legitimate business, the Trojan works behind the scenes to manipulate the transaction. First it checks the account balance and if it is over a certain amount it will determine how much to steal within a limit so as not to trigger automatic fraud detection alarms."

Dear Windows user: it's time you seriously consider doing your online banking safely. Are you afraid installing GNU/Linux on your PC will bring Microsoft's wrath on you and your family for three generations? How about a nice Linux Live CD, then? GNU/Linux doesn't bite, you know? Even if it did, it can't be compared to realizing someday you were a victim of Internet criminals. Are you willing to wait until someone empties your account to act?

4 comentarios:

  1. Very interesting entry. So it's now Zeus...I wonder why they haven't created a virus that creates incompatibility among the document formats...ah, wait. Every new MS Office does that.

  2. It's disconcerting that when the so-called technical publications report on malware, trojans, botnets, etc, it is always a PC problem they never call it out for what it really is: A Windows OS/application problem. I'm using a GNU/Linux powered PC and I do not have any malware problems. Do you?

  3. @Mechatotoro: A virus takes over all your resources progressively, downloads software without your knowledge or consent, slows down your PC, shares your PC info with others remotely, locks up your system, renders some software and hardware unusable...very much like Windows indeed! :P

    @pjcolon: I agree totally. Since I upgraded to GNU/Linux, I forgot about malware, about antivirus updates, or PC scans. It's sad that most people are brainwashed and actually believe malware is part of their computing experience.

  4. True. Yesterday, one of my students said that it was strange that I collected their usb viruses. I replied "Well, they are harmless in my Linux system. To me, it's actually stranger that you know these things destroy your system and you simply accept to live with them".