Malware That Drains Your Bank Account Thriving on Facebook

Photo
On a popular NFL fan page, fake Facebook profiles post links to Internet addresses controlled by the Russian Business Network, an online criminal gang accused of various online crimes, ranging from identity theft to child pornography. Credit


In case you needed further evidence that the White Hats are losing the war on cybercrime, a six-year-old so-called Trojan horse program that drains bank accounts is alive and well on Facebook.

Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim’s passwords and drains the victim’s accounts. In some cases, it can even replace a bank’s Web site with its own page, in order to get even more information– such as a Social Security number– that can be sold on the black market.

The Trojan, which was first detected in 2007, is only getting more active. According to researchers at the security firm Trend Micro, incidents of Zeus have risen steadily this year and peaked in May. Eric Feinberg, founder of the advocacy group Fans Against Kounterfeit Enterprise (FAKE), has noticed an uptick in Zeus-serving malicious links on popular N.F.L. Facebook fan pages such as one created by a group called “Bring the N.F.L. To Los Angeles.”

Mr. Feinberg said he had noticed an increase in such pages and malicious links in recent weeks. He sent those links to Malloy Labs, a security lab, which confirmed that the links on these pages were serving up Zeus malware. The malware was being hosted from computers known to be controlled by a Russian criminal gang known as the Russian Business Network, which has been linked to various online criminal activities, ranging from malware and identity theft to child pornography.

Mr. Feinberg said he has tried to alert Facebook to the problem, with increased urgency, but wasn’t satisfied with their response. A Facebook spokesman directed this reporter to a previous Facebook statement reminding users that it actively scans for malware and offering users the opportunity to enroll in self-remediation procedures such as a “Scan-And-Repair malware scan” that can scan for and remove malware from their devices.

Mr. Feinberg said that after-the-fact approach was hardly sufficient. “If you really want to hack someone, the easiest place to start is a fake Facebook profile– it’s so simple, it’s stupid.”

“They’re not listening,” Mr. Feinberg added. “We need oversight on this.”