M86 Security has reported that a new version of the Zeus Trojan has been stealing money from bank accounts. This has been going on since early July and the amount of stolen money amounts to about $1 million.
The agency deems the virus a “sophisticated and dangerous threat” the likes of which they’ve never seen before. A total of 3000 accounts has been affected, all of them belonging to a still anonymous British bank.
The deal was as follows - if/when the account has more than £800, the virus transfers the funds to “mule accounts”, which are already penetrated accounts of other online banking customers. In the end, it covers up the trail by showing fake bank balances.
The virus exploits “security holes” in Microsoft IE and/or Adobe Reader and then lies dormant until the user connects to his/her bank account. Furthermore, M86 says that this threat “cannot be detected by traditional security software”.
Naturally, despite the fact that it won’t help, users are still advised to take measures to protect themselves, which pretty much means buy more antivirus programs. As for the Adobe Reader security hole, I guess the advice should be to just not read anymore as it might make you too smart to handle.
More here.