Zeus takes aim at credit authentication services

The infamous Zeus malware botnet has begun harvesting user bank data by posing as a credit card verification scheme.

Security firm Trusteer said that the malware has been injecting phishing pages into user systems which harvest bank details along with personal identification information. The pages claim to be from the bank and ask the user to fill out an "enrolment form" for the 'Verified by Visa' or Mastercard 'SecureCode' security programmes.

The Zeus botnet has built up particular notoriety for its phishing practices. Rather than attempt to redirect users to infected sites or phishing pages, the malware embeds itself within the system and then generates phishing pages locally.

According to Trusteer, the malware is now waiting for the user to log into banking sites, and then generating the phishing pages which the malware claims to be from the user's own bank. Trusteer said that the attack currently targets customers of at least 15 US financial institutions.

The stolen account data is then used to register accounts with the services and perform fraudulent transactions.

While Zeus has commonly been linked to financial fraud operations, the malware has performed other activities. Earlier this year the botnet made headlines when it moved from collecting financial data to harvesting information from government workers.

The infections have continued despite increased efforts to shut the botnet down. Trusteer estimates that the malware may infect as many as one out of every 100 machines.