Old Bank Account-Draining Virus Found Spreading On Facebook
June 6, 2013

Old Bank Account-Draining Virus Found Spreading On Facebook

Michael Harper for redOrbit.com — Your Universe Online

An old virus is gaining some new life on Facebook, infecting users on PCs and even Android and BlackBerry mobile operating systems. The Trojan virus “Zeus” steals passwords and banking information before emptying out entire accounts.

Zeus has been floating around the Internet for nearly six years and now security experts at TrendLabs say it´s been picking up steam by infecting Facebookers and their friends. For its part, Facebook is only recommending that its users exercise caution when on the social site or anywhere else on the web.

According to TrendLabs´ data, Zeus began to gain momentum in February, peaking a few months later in May.

“These malware are designed to steal online credentials from users, which can be banking credentials/information or other personally identifiable information,” reads the TrendLabs report. Similar to other viruses, Zeus not only steals information from its victims, it also blocks their access to anti-virus and anti-malware sites which may detect it. There have even been reports of the virus replacing a bank´s webpage with its own. Here it asks the victims for even more information, such as social security numbers, which are then sold on the black market.

Some victims have had their entire bank accounts drained after clicking an infected link and unknowingly handing over their account information.

According to the New York Times, a Russian criminal ring called the Russian Business Network is responsible for hosting the servers where the Zeus Trojan lives. The same group is known for other unsavory and illegal dealings on the Internet, including identity theft and child pornography.

Zeus is being passed around in much the same way other malware is distributed. A user will click a compromised link promising to show them pictures of Hollywood celebrities or spiders living underneath someone´s skin, for example.

Once the link is clicked, the virus is installed on either the desktop PC or Android handset and waits for the user to visit their bank´s website. The virus also sends out messages and posts from the victims account to lure their friends to click the same infected link. Eric Feinberg, founder of advocacy group Fans Against Kounterfeit Enterprise (FAKE) told the New York Times that his group found the virus in a fake Facebook group called “Bring the NFL to Los Angeles.” He also found Zeus on other popular NFL groups on Facebook.

"Anybody can be anybody on Facebook, and that's what´s wrong with this; there needs to be a vetting process,” explained Feinberg in a separate interview with NBC.

Feinberg is also calling on Facebook to institute some changes and crack down on this outbreak, but so far they haven´t said anything new. When asked for a statement, Facebook repeated earlier statements claiming the social site regularly scans for malware and offers users help to rid themselves of these viruses.

As it stands, this resurgence of a six-year-old virus should act as reminder that no one is ever safe online. The same safety measures exercised six years ago can be used today; don´t click on any links in suspicious email or social networking posts. If you´re skeptical about a link a friend sent you on Facebook, it´s best not to follow it. Additionally, be sure to only log in to Facebook.com, Twitter.com, etc., and never any variations of these two.

Cyber thieves have been known to set up web sites with similar addresses and similar front pages. Logging into these fake sites with legitimate Facebook credentials allows the virus to take over the account and begin sending out infected messages to your friends.