Feeds

New ZeuS-based Trojan leeches cash from cloud-based payrolls

Adds phishing mules to employee roster

Choosing a cloud hosting partner with confidence

Cybercrooks have forged a ZeuS-based Trojan that targets cloud-based payroll service providers.

ZeuS, a favourite tool for financially motivated cybercrooks, has provided a straightforward way to harvest online banking credentials for years. A new attack, detected by transaction security firm Trusteer, shows that crooks are going up the food chain.

Trusteer researchers have captured a ZeuS configuration that targets Ceridian, a Canadian human resources and payroll services provider. The ZeuS-based Trojan works by capturing a screenshot of the payroll services web page when a malware-infected PC is used to visit the site. This information is uploaded, allowing crooks to obtain the user ID, password, company number and the icon selected by the user for the image-based authentication system – enough information to siphon funds from compromised accounts into those controlled by money mules, as explained in a blog post here.

Trusteer reckons crooks are targeting the small cloud service provider in order to get around the tougher problem of how to bypass industrial strength security controls that are typically maintained by larger businesses. Cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by ZeuS-style financial malware.

The financial losses associated with this type of attack are potentially huge. For example, last August cyberthieves reportedly stole $217,000 from the Metropolitan Entertainment & Convention Authority (MECA) after compromising its payroll system and adding money mules as employees. A MECA worker reportedly fell for a phishing email that allowed crooks to steal access credentials to the organisation's payroll system.

Hitting payroll providers is certainly far more lucrative than targeting individual consumers, according to Trusteer, which predicts a growth in this type of attack as a result. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.