The Zeus Trojan is in the news once again for its success in stealing money from multiple banks. Eweekeurope.co.uk reported that “Operation Trident Breach”, a FBI named operation, was successful in arresting multiple people in multiple countries. The criminal group using the Zeus Trojan successfully stole up $70 million from US banks and 6 million from UK accounts.
The Trojan can be purchased for as little as a few thousand dollars with other plug-ins being purchased for hundreds of dollars each, including exploits for Windows 7 machines. Such a low cost purchase has yielded a huge return for the cyber criminals, except for the fact they got caught.
Zeus is only the most recent example of a successful Trojan targeting user banking accounts. Luckysploit crimeware kit was used last year in targeting German customers as reported by Finjan Malicious Code Research Center in September 2009.
This is just one report of many that has been released of cyber criminals targeting the banking industry. Banking IT is vulnerable due to the amount of online transactions that take place and the fact that their “network” extends out to their user-base, and therefore client based attacks become a primary concern.