The Zeus/Zbot banking Trojan is reported to be attacking the Verified by Visa and MasterCard SecureCode verification systems introduced in recent years by spoofing Visa and MasterCard enrollment screen.
The Zeus (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) banking trojan is not a new one. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.
But now, Trusteer, a security company has prepared a report which states that Zeus is aimed at customers of 15 unnamed US banks.
Exploiting a man-in-the-middle browser attack when it encounters a desired bank login on an infected PC, the malware intercepts and spoofs the enrollment process through which credit card users are signed up for the first time by both major issuers, Mastercard and Visa, throwing users a convincing screen.
Not just the credit card information, it even captures social security and card numbers, and PIN or card verification codes. An established user would not, presumably, be vulnerable unless they entered the password they created when they signed up originally.
Sadly, Anti malware detection of Zeus has a poor track record. Trusteer found that among Zeus infected machines 55% had up-to-date Antivirus protection installed. The population of machines infected with Zeus is enormous — one in every 100 computers according to Trusteer research.