Zeus has risen again, and we don’t mean the Greek god: Zscaler ThreatLabZ reports that a new Facebook worm is rapidly spreading the Zeus Banking Trojan.
According to Zscaler ThreatLabZ, the Zeus Banking Trojan logs on to the social network via compromised accounts and stolen credentials, proceeding to post photos which prompt users to download them. Users then receive a screen saver, complete with the Zeus Banking Trojan and other malicious files.
Zscaler ThreatLabZ Senior Security Researcher Mike Geide added:
Zeus is a Trojan designed to steal banking credentials. The newer variants of Zeus include P2P functionality making the botnet much more resistant to take-down.
Facebook continues to be a popular medium for malware attacks, given the easy propagation mechanism built into social networking. By definition, social networking is social. Facebook is built to easily allow people to share pictures, videos, and other content, and people trust what they are receiving from their friends. Malware, such as this recent example, can take advantage of the sharing mechanisms and users’ trust of their friends within social networking.
Geide has five suggestions on how to protect yourself from the likes of this Trojan, and one of his ideas includes installing Zscaler’s wares.
- Enable TLS/SSL encryption on Facebook whenever possible. This prevents sidejacking attacks and snooping when accessing Facebook from public locations.
- Install Zscaler’s free likejacking tool, delivered as a browser plug-in.
- Think about and limit what you share and who you share it with. For example, you can opt not to share your birthday (as it’s sometimes used in security questions); you can opt not to be checked into places, so that your locations aren’t tracked; and you can limit what the public, as well as groups of friends, can see.
- Think about and limit Facebook applications. Remove unwanted or unused Facebook applications. Review the permissions granted to Facebook applications before installing and using them.
- Log out of Facebook when you’re not using it.
Readers: Have you been victimized by the Zeus Banking Trojan or other digital malady?
Graphic courtesy of abuse.ch.