Zeus

An Inside Look at a Banking Trojan


By Jean-Francois Legault

jean-legault-80x80.jpgDigital Fingerprints     

A Closer Look at Technology and Fraud    

  

  

  

  

After I taught the breakout session, "How Technology Changed Fraud Investigations," at the 22nd Annual ACFE Fraud Conference and Exhibition in June, I received a number of questions about how banking Trojans work. The timing was perfect: In May, various underground forums leaked to the public the source code for the Zeus banking Trojan. Zeus, a highly configurable crimeware, is one of the most pervasive threats in the cyberlandscape. Its "public" release does not necessarily mean it is no longer a threat: More people will have access to it, and it can now serve as inspiration for future banking Trojans. This comes at about the same time as Zeus' author announced his retirement and turned the source code over to a competitor.    

 


For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.

Related Articles

Lourdes C. Miranda, CFE

Throughout her career investigating financial crimes — first in the CIA and FBI and now in the private sector — Lourdes Miranda found that understanding human behavior is instrumental to cracking cases. She now urges fellow CFEs to balance technology with human intelligence in their investigations and learn everything they can about cryptocurrency and blockchain.

Measure and monitor your fraud risk management program success

‘Tis the season to set company goals. As we wrap up 2023 and look to the new year, ponder this: What are some of the key performance indicators (KPIs) companies use to measure the effectiveness of their fraud risk management program? Here, we explore some leading examples of anti-fraud KPIs that drive business value.

Phishers use AI to bypass email security, fake life insurance policy scams and more

Phishing scams never disappeared; they’re just more sophisticated. Also reject letters promising millions from insurance policies. And beware of invoices for COVID-19 tests you never ordered.