Zeus Lives! Russian Cybercrime Gangs Draining Bank Accounts from Facebook


A Russian cybercriminal gang is operating on Facebook and it is using malware to drain the bank accounts of unsuspecting users.  Even worse, the evidence points to Zeus, a virus that has been around for about six years now. Constant evidence shows that Zeus is not slowing down by any measure.  That’s because Zeus is modified, sold to, and produced by cybercrime groups on a continual basis and they pay top dollar for the latest undetectable builds.  The other part of it is that the public is finding their way to these pages, as in this latest case, on Facebook.

As Nicole Perlroth reveals in the New York Times, this Trojan is being spread by “phishing” – which if you don’t know by now is a ruse to try and get you to click on something you probably shouldn’t or give up credentials without even knowing it.  In this scheme, the pages the victim visits are loaded with the Zeus malware.  The infection then goes dormant, waiting for the moment that the victim logs into their bank account, steals the credentials, then drains your account.  It also spreads messages to all the victim’s Facebook connections, which for lack of a better word, creates a viral aspect to the proliferation.

On a popular NFL fan page, fake Facebook profiles post links to Internet addresses controlled by the Russian Business Network, an online criminal gang accused of various online crimes, ranging from identity theft to child pornography.

According to the NYT report, there have been efforts to notify Facebook of this issue, but little has been done to stem the issue.  The founder of Fans Against Kounterfeit Enterprise, Eric Feinberg says in the article that an after-the-fact approach that Facebook is taking is insufficient.

“If you really want to hack someone, the easiest place to start is a fake Facebook profile– it’s so simple, it’s stupid.”

So with so many people that are quite active on Facebook, what can be done to protect yourselves?  Well first of all, Zeus only targets Windows-based systems – a prime target because of the fact that even today a majority of computers are based on it.  Zeus is a particularly difficult piece of malware to remove, part of that is because it has stealth features built into it.  As reported, the virus stays dormant, so the victim typically has no idea they have been infected at all.  It is also diligent in wiping records of its activities, so antivirus researchers have little to work with.  The cyber theft operations also pipes and collects the stolen data to a collection server, a component that by latest reports is now integrating distributed computing, making it even harder to isolate.  Agencies, service providers, and other groups have in recent years been involved in efforts to find and confiscate the servers used in the crimes.

The bottom line is don’t click on stuff on Facebook, if it looks too good to be true, it probably is.  There is no “Facebook Black”, there is no 90% off app for Oakleys, there is no Facebook spy mode – don’t click on links that just don’t seem right.  When you see scams like this report it.  As far as Facebook goes, they have to start cracking down on pages that are operating like this.