Zeus Trojan Using Man-In-The-Middle on Retailer Sites

Friday, December 10, 2010



Security company Trusteer, which specializes in enterprise and consumer vulnerability issues, reports that it has detected the use of man-in-the-middle and social engineering tactics in conjunction with the Zeus Trojan.

The techniques are being used to skim credit card numbers and personal information when consumers visit the websites of large commercial retailers like Macy's and Nordstrom, according to the report:

The attack we discovered uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions.
In this case, the social engineering method used is very credible since the victim has navigated to the card issuer’s website – www.macys.com and www.nordstromcard.com – when Zeus injects a legitimate-looking man-in-the-middle pop-up that requests personally identifiable information:


The Associated Press reported earlier this week that the nefarious Zeus Trojan has also been modified to target corporate bank accounts.

The Zeus Trojan had previously netted millions of dollars after spreading through tainted emails and communications designed to look like messages from the popular business-oriented social networking service LinkedIn.

The FBI indicates that nearly 400 cases involving the Zeus Trojan have been reported.

Consumers should always exercise caution when making purchases online, and should be wary when asked to provide personal information, PINs, Social Security numbers, account information, and passwords.
