Screen Injection Webinar – All Your Users’ Credentials Belong to Zeus

Update: the link below was going to the wrong place for a while.  It has been updated and should be correct now.

For those of you who have followed the press coverage of the Zeus malware, you might be wondering about the various functions available within Zeus.  In this webinar we’ll get into the details about one particular function: screen injection (aka parameter injection).

The webinar will be February 23 at 10am Pacific time.  If you want to participate, you can register here.   Unfortunately, because of the sensitive nature of some of the things we’re going to show in the webinar, we’re restricting participants to people who work for brands targeted by Zeus and law enforcement.  If your webinar registration is denied and you believe you fall into one of these groups, please let me know.

Abstract:

The financial services industry has responded to the inadequate security provided by username/password authentication with widespread deployment of two-factor authentication. However, criminals behind the leading banking Trojans have been innovating as well. Their latest advance – screen injection – has been successfully integrated into the Zeus, Clampi and URLZone  data theft Trojans. According to the FBI, this new ability to defeat multi-factor authentication has led to more than $40 million in online banking theft from the US alone. Understanding screen injection is critical for everyone concerned with online security.

In this webinar, Laura Mather, Ph.D, Founder of Silver Tail Systems, will give a detailed explanation of screen injection.  She’ll provide a quick overview into the general nature of the “Man in the Browser” data theft banking Trojans and then dive into the operational details of screen injection as it has been weaponized in the Zeus malware.

We will conclude with live demonstrations of screen injection from the victim’s perspective. Using first a clean computer and then an infected computer, you will see screen injection at work on many US banking sites stealing ATM PINs, social security numbers and answers to secret questions. The challenges of detecting this devious attack and possible solutions will be discussed.

If you are concerned about the latest criminal innovations,  this webinar will give you an in-depth understanding of one of the key criminal techniques.  Find out before your organization becomes a victim. 

February 11, 2010 Posted by Laura Mather | Fraud, Man-in-the-Browser, Zeus | malware, Man-in-the-Browser, screen injection, Zeus | Leave a Comment

Even more on Zeus

There has been a fair amount of interest in the Zeus blogs, so I thought I’d continue in that vein.

Bruce Schneier has an interesting article about how to beat second factor authentication.  One of the methods (trojan) describes the methodology that Zeus uses to get past second factor authentication.

Trojan attack. Attacker gets Trojan installed on user’s computer. When user logs into his bank’s website, the attacker piggybacks on that session via the Trojan to make any fraudulent transaction he wants.

Bruce gives some examples and talks about how second factor authentication is not going to solve all identity theft problems.  This is a worthwhile read if you want to know more about how bad guys are beating strong authentication.

September 22, 2009 Posted by Laura Mather | Detection, Fraud, Man-in-the-Browser, Phishing, Zeus | second factor authentication, Zeus | Leave a Comment