Tags: zeus trojan horse | computer virus | hacking | cybersecurity

Is There a Bank Robber in Your Computer?

Is There a Bank Robber in Your Computer?

Monday, 03 April 2017 04:32 PM Current | Bio | Archive

Wired published a story last week that should be required reading for anyone who goes online. It was about a cybercriminal, and, yes, it was about you. In fact, when it comes to this particular category of malfeasance, many consumers are the unwitting accomplice.

The exploits attributed to the Zeus Trojan Horse and its subsequent versions are too many to catalog here, but millions of dollars were siphoned from bank accounts world-wide before the operation could be shut down.

The Zeus Trojan was considered a work of art — the criminal equivalent of the military-grade Stuxnet computer worm that was purportedly designed by the U.S. to take out a nuclear enrichment facility in Iran. It was a masterpiece of stealth and functionality, infecting computers in the usual way, through social engineering — or in other words, by tricking users into clicking on a link or an attachment that downloaded the malware onto their machines.

All the usual clickbait was in play: bank notifications, overheated threats from the IRS, notifications about the loss of insurance coverage, or frozen accounts — the list is endless.

As Garrett Graf reported, "once it was on your computer, Zeus let hackers play God." The malware was created by a hacker known by a number of aliases, but was a compete cipher to law enforcement officials. It had a tremendous amount of functionality, and made its way onto an enormous number of machines.

The list of functions made Zeus the cybercriminal’s best friend, and for years it enjoyed great popularity. It even had a ticket-style customer support department.

Websites could be switched to facilitate the gathering of sensitive user information that could in turn be used to commit financial crimes. There was a keystroke recording feature that let the controller get login names and passwords and anything else used in the authentication process. The program actually changed a website before it loaded, so you had no idea you were being robbed till you logged in on a different device or tried to withdraw money and discovered that someone beat you to it. The icing on the cake here — and it’s a really amazing cake — is that this killer app has the ability to rope all its botnet-ted machines together to launch a distributed denial of service attack against whatever bank they’re robbing so that by the time it’s over all the money’s long gone.

So What Does This Have to Do with You?

If people weren’t so quick to click, none of the above would be possible.

Cybercriminals are truly like parasites. They can’t do anything without their host, so they are very careful not to damage that host beyond the point where it can no longer perform its function. The function is to provide bankable information. Sometimes that means the host’s personally identifiable information—to commit fraud (generally something that will not bankrupt the host but rather just result in an annoyance — sometimes minor, but sometimes colossal). However, the point is to leech a profit off the victim without doing grave damage so that multiple crimes can be committed: identity theft, bank fraud, tax refund diversion, botnet attacks.

In most cases, this is made possible because the cybercriminal has taken control of a part of a user’s computer, leaving those parts the user needs to go about daily life untouched. In fact, the only way you can know if you’re part of a botnet might be to have an expert well-versed in cybercrime forensics take a look at your machine. It might run a little slow, but it might not. Most likely you will have no idea that you are a cog in a multi-million dollar bank heist or any other crime — including distributed denial of service attacks, at least in theory, against critical infrastructure, like the power grid.

What Can Be Done?

You are the solution.

Every time you go online, you can become part of a botnet simply by clicking thoughtlessly on a bad link — one that turns your computer into a weapon or a bank robber’s tool. You have to learn how to take a breath.

  1. Never click on a link from the IRS. They don’t send actionable email.
  2. Never click on an email from your bank. Always go to the confirmed, official site, or log on from a bookmark, and make sure you see HTTPS in the URL indicating that your session will be encrypted.
  3. Don’t click on attachments sent by a friend without texting or calling to ask if they sent something.
  4. Use your head: Social engineering exploits curiosity. Always pause and ask yourself: Could this be a scam?

While law enforcement is making great strides, citizen action is a critical component in the fight to stop cybercrime in its current form. We all have to consider ourselves deputized — part of the sheriff’s posse — 'til the Wild West years of the Internet settle down into something more civilized.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of CyberScout and co-founder of Credit.com. Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves." Read more of his reports — Go Here Now.

© 2019 Newsmax. All rights reserved.

1Like our page
You are the solution. Every time you go online, you can become part of a botnet simply by clicking thoughtlessly on a bad link — one that turns your computer into a weapon or a bank robber’s tool.
zeus trojan horse, computer virus, hacking, cybersecurity
Monday, 03 April 2017 04:32 PM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
© Newsmax Media, Inc.
All Rights Reserved