On the heels of the announcement that the Zeus 2 botnet had been uncovered, there are reports that the next version of the Zeus malware is back with a bang. The next version is Zeus 3, and ITPro has reported that it has stolen private information and login details from the customers of a particular financial institution in the UK, which has resulted in hackers stealing more than GBP 675,000 from their bank accounts.

Here is the mechanism through which Zeus 3 attacked the victims and stole their credentials.

The hackers in this case were highly sophisticated. They used a number of techniques to spread the malware, including the publishing of malicious ads on legitimate websites, or simply infecting such sites.

By using the Eleonore Exploit Kit, the cyber criminals were also able to determine what country an infected user was based in, and in this case they targeted UK bankers.

As soon as victims logged into their internet banking service, the Trojan sent the login ID, date of birth and a security number back to the command and control (C&C) server, which was located somewhere in Eastern Europe. Zeus v3 would then be sent JavaScript code to replace the bank's original JavaScript used for the transaction form.

Data placed into the form was then sent to the C&C system rather than the bank, and the information was analysed to determine how much money was in the targeted account. Once the Trojan had been told which money mule was to be used and the illicit transaction was completed, Zeus v3 continued to listen to the bank response and report back to the C&C system.
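
The two changes described above (replaced transaction-form JavaScript, and form data going somewhere other than the bank) are both visible when a page snapshot is compared with a known-good baseline. The following is an added example, not code from the original article or from ITPro; the origin `bank.example`, the script bodies, the snapshot format and the function name `auditPage` are all constructed for illustration.

```javascript
// Added example: audit a snapshot of the transaction page against a baseline.
const { createHash } = require('node:crypto');

const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('hex');

// Constructed sample data: origin and script body are placeholders.
const BANK_ORIGIN = 'https://bank.example';
const GOOD_SCRIPT = 'function submitTransfer(f){ f.submit(); }';
const baseline = {
  origin: BANK_ORIGIN,
  scriptHashes: new Set([sha256(GOOD_SCRIPT)]), // allowlist of released scripts
};

// snapshot: { scripts: [{ name, body }], forms: [{ id, action }] }
function auditPage(snapshot, base) {
  const findings = [];
  for (const s of snapshot.scripts) {
    // Any script whose hash is not in the allowlist was changed or injected.
    if (!base.scriptHashes.has(sha256(s.body))) {
      findings.push({ type: 'script-modified', item: s.name });
    }
  }
  for (const f of snapshot.forms) {
    let target;
    try {
      target = new URL(f.action, base.origin); // resolves relative actions
    } catch {
      findings.push({ type: 'form-action-invalid', item: f.id });
      continue;
    }
    // Form data must be submitted to the bank's own origin.
    if (target.origin !== base.origin) {
      findings.push({ type: 'form-off-origin', item: f.id, target: target.origin });
    }
  }
  return findings;
}

// Constructed snapshots: one untouched page, one with both changes applied.
const cleanPage = {
  scripts: [{ name: 'transfer.js', body: GOOD_SCRIPT }],
  forms: [{ id: 'transfer', action: '/payments/submit' }],
};
const tamperedPage = {
  scripts: [{ name: 'transfer.js', body: GOOD_SCRIPT + ' /* altered */' }],
  forms: [{ id: 'transfer', action: 'https://collector.invalid/in' }],
};

console.log(auditPage(cleanPage, baseline));
console.log(auditPage(tamperedPage, baseline));
```

A check like this is meant for snapshots collected out of band, since code running inside an infected browser can be altered by the same malware.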