13 Dec 2010

Zeus botnet goes after credit cards

The Zeus botnet has plagued peoples’ bank accounts for months. Now it has a new target - credit cards. According to a warning by an internet security firm, the Zeus botnet was recently upgraded to target credit card users’ accounts.

The update, called Zeus, allows the malware to steal victims’ credit card credentials, conduct “card not present” transactions and avoid retailers’ anti-fraud measures. "The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions," said Amit Klein, CTO of the security firm that discovered the update.

When users are attacked by the malware, they might enter their card information into a retailer’s website only to find that the site cannot verify the payment. This is because the Zeus botnet is harvesting their information and funneling it to criminals.

According to Klein, several major retailers have been targeted, including Nordstrom and Macy’s.

The Zeus botnet is one of the most popular among cyber criminals who can purchase it for as little as $3,000.