Businesses and individuals are at risk of serious data loss and security breaches as a result of a new botnet running on the Zeus 2.0 platform that is gunning for internet users based in the UK, according to security vendor Trusteer.
The main aim of the botnet is apparently to harvest data that will allow cybercriminals to defraud victims of their financial assets and although the attack is set to target banking logins, it will steal other data indiscriminately, which means its potential for disruption and damage is huge.
Trusteer’s CEO Mickey Boodaei said that the botnet was primed to steal credit card details and online banking access codes, but also warned that it would harvest personal data relating to employment and business location, allowing the cybercriminals to launch attacks against businesses and gain access to internal systems.
Mr Boodaei said that the botnet was only being exploited in the UK, which means that it is likely to wreak havoc if allowed to spread domestically. It will steal cookies and passwords to FTP and VPN services, meaning that those who are impacted by it may leave themselves and their employers totally exposed.
Trusteer’s Amit Klein said that firms and individuals should be most concerned about the fact that the botnet can harvest much more than banking login details, as the wealth of information being targeted could put the cybercriminals in a great position of power.
Not only is the botnet sophisticated in its function, but it is also incredibly easy for its operators to draw specific pieces of data out of the mass that is set to be harvested. Its integrated search engine echoes the usability of mainstream sites like Google, according to Mr Boodaei and so the criminals will be able to target individuals or specific businesses with relative ease.
Trusteer discovered this Zeus 2.0 botnet variant during an in-depth investigation that has taken more than half a year and it believes that although the Zeus 2.0 platform is in use elsewhere, this is one of the few examples that relies completely on it.
