Holiday shopping season boosts Zeus botnet activity, beware CNP scams

In the wake of increasing number of purchases made online this holiday season a version of Zeus botnet is targeting credit-card account holders who shop several major U.S. retailers including Macys and Nordstrom, reports security firm Trusteer.

Trusteer researchers captured and analyzed malware samples designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud, says Amit Klein of Trusteer in a blog post. Klein says that the attack is coming from a Zeus 2.1.0.8 botnet, which is the latest and most sophisticated version of the Zeus malware platform

The attack is based on the social engineering scheme when an infected user logs into one of the targeted retailers’ card services and sees a pop-up message: "In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue."

In the pop-up window, the user is asked to enter several pieces of sensitive information, such social security number and mother's maiden name.

"Merchants and card issuers invest a great deal in backend technologies for detecting fraudulent transactions. These systems represent an important security layer, however the increase in malware and phishing attacks that specifically target card information is making them less effective," Klein said.