Security Professionals Warn Nacha Members Of New Zeus Trojan

By Author: eccuni
Total Articles: 211
Comment this article

Zeus Trojan is back in the news again. Internet security firm Sophos has alerted users on a new scam, wherein Trojan targets members of National Automated Clearing House Association (NACHA), which handles the development, administration and governance of Automated Clearing House (ACH) network. Cybercriminals are allegedly sending cleverly crafted e-mails to the members of NACHA enticing them to download and install attachments containing Zeus malware. The e-mails inform customers regarding failure of a transaction sent by the customer, their bank or some other person. The spoofed e-mails appear to come from NACHA and contain a Transaction ID. The e-mails seek users to download a file containing Transaction report for ascertaining the reason for rejection. When unsuspecting users download the file, they inadvertently insert Zeus botnet node on their computer systems. Zeus Trojan is capable of extracting financial information stored on the compromised computer. The Trojan downloads configuration files from remote computer and explores browsing activity of the user to match with the URLs listed in the configuration files. When ...
... user opens a legitimate financial site and enters Login credentials, the Trojan extracts the same. In this case, Zeus apparently collects details of ACH Transactions. Last year, cybercriminals made use of Zeus Trojans to steal funds over 6 million GBP from customers of British banks. Attackers also targeted LinkedIn users with fake connection requests to download Bugat Trojan, a variant of Zeus.

Another variant of Zeus, Zitmo (Zeus In The Mobile) Trojan is targeting mobile devices to intercept and misuse high security passwords sent by banks. Banks across the world are using high security passwords to authenticate online bank transfers by customers. Earlier in the year, customers of ING Poland were deceived through Zitmo Trojan.

The ACH network facilitates electronic transfer, corporate payments and direct payment of funds to consumer accounts such as interest, dividends and pensions among others. Participants of ACH include corporates, individuals and financial institutions.

Internet users must avoid downloading suspicious files. They may cross-check transaction ID to confirm, whether the transaction referred in the e-mail is legitimate and pertains to them. In case of suspicion, they may directly contact their concerned bank or clearing house to confirm the authenticity of the e-mail. Genuine transaction failure communication from a legitimate organization is likely to be personalized and specific. online degree courses may help customers on "Do's and Don'ts" in cyber security.

As cybercriminals may target employees of financial institutions and banks, organizations may educate employees on the latest threats, precautions in online communications and secure use of web browsers. Online university degree courses may help IT professionals in understanding and implementing new security mechanisms.

Professionals qualified in computer science degree and Information security may help in timely detection of threat vectors, mitigating measures and patch management. Organizations must regularly evaluate the security of the IT infrastructure to weed out vulnerabilities and remediate lapses. Organizations may restrict incoming connections through firewalls, encourage use of user level privileges, configuring e-mail servers to prevent downloading of files with risky extensions.