Popular IT security site TechCrunch Europe served up a Zeus trojan-installer PDF file to its visitors last week and, says leading provider of secure browsing services Trusteer, the infection is down to the rising tide of Zeus attacks.
According to Mickey Boodaei, Trusteer's chief executive, one of the JavaScript files of the TechCrunch site was modified by hackers to open an IFRAME, which in turn delivered a PDF file with a nasty Zeus infection.
"The bad news about this infection, which lasted several hours on Monday of last week, is that - as security researcher Rik Ferguson says in his blog
(http://bit.ly/bL2Jjx) - just two of 43 IT security applications can detect this malware variant," he said.
"Computerworld, meanwhile, says that Google Safe Browsing search of TechCrunch Europe's site shows suspicious activity occurring twice over the last 90 days (http://bit.ly/cJBKE9) with 58 of the 128 pages visited delivering an infection," he added.
Boodaei, whose company supplied free in-browser security software to a growing number of banks worldwide, says the TechCrunch fiasco is all part of the rising problem of Zeus infections.
The number of users who are infected with Zeus, he says, has increased over the past month due to aggressive distribution attempts made by fraudsters.
The two leading infection routes, he explained, are compromised websites that serve up a Zeus infection to visitors and spammed emails that include Zeus as an attachment or link.
And whilst the quantity and hacking quality of these attacks have increased, Trusteer is also seeing a drop in antivirus detection rates for Zeus as this example shows - http://bit.ly/dic6i7.
"Trusteer warned a while ago that the newer version of Zeus is very effective in avoiding detection by IT security software and the increased Zeus infection rates demonstrates this," he said.
"We estimate that fraud losses due to Zeus specifically are going to triple in 2011 due to the increase in distribution and lack of coverage by antivirus vendors. This latest infection of the TechCrunch Web portal is just the tip of the iceberg," he added.
"The good news is that, if users of HSBC, Natwest, Santander and other UK banks download a copy of our free Rapport in-browser software, even if they are infected, the software will prevent their e-banking credentials from leaking."
Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables banks and online businesses to protect sensitive data such as account holder credentials from malware by locking down the browser and creating a tunnel for safe communication between the web site and customers’ machines. It also prevents phishing by validating site authenticity. Trusteer Flashlight allows remote, effective, and instant investigation of malware-related fraud incidents. Trusteer’s solutions are used by more than 60 leading financial organizations in North America and Europe and by more than 11 million of their customers. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper.