So it isn't just a simple thing for the ZeuS trojan to transfer funds from the account of somebody with an infected computer.
Best advice: update your computer software to avoid infection. Unfortunately, any computers infected last week will have downloaded a configuration file that includes lots of redundant server names.
But fortunately… most of the banks that we've worked with in the past have extensive transaction controls on their back end systems.
The server which hosted the configuration file (from which the screenshot was taken) has been taken offline, so this variant can infect, but cannot download the locations of its Command & Control servers. Here are some of the banks that are being targeted.
For banks that use Java applications, this ZeuS appears to attempt a replace and imitate approach. Instead of stating "Welcome Bank Customer", the trojan declares "Welcome name withheld".
One variant of ZeuS, which is circulating now, includes a Finn's name within the localized efforts. Clearly, some bad guys out there have evolved from Google Translate, which is the level of localization we used to expect in the past.
But the bad guys still make basic mistakes. We continue to see decent localization within ZeuS variants (and not just Finnish). And while the Finnish localization was pretty good - it used "Suo anteeksi" within an error message… not typically the kind of thing you'd read via software. A couple of months ago, there was an overly polite variant of ZeuS circulating here in Finland.