Gameover Zeus Malware
Targets Bank Accounts Via Phishing E-Mails
January 06, 2012
Cyber criminals have found yet another way to steal your hard-earned
money: a recent phishing
scheme involves spam e-mails—purportedly from the National Automated
Clearing House Association (NACHA), the Federal Reserve Bank, or the
Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’
computers with malware and allow access to their bank accounts.
The malware is appropriately called “Gameover” because once it’s on your
computer, it can steal usernames and passwords and defeat common methods
of user authentication employed by financial institutions. And once the
crooks get into your bank account, it’s definitely “game over.”
Gameover is a newer variant of the Zeus malware, which was created
several years ago and specifically targeted banking information.
How the scheme works:
Typically, you receive an unsolicited e-mail from NACHA, the Federal
Reserve, or the FDIC telling you that there’s a problem with your bank
account or a recent ACH transaction. (ACH stands for Automated Clearing
House, a network for a wide variety of financial transactions in the
U.S.) The sender has included a link in the e-mail for you that will
supposedly help you resolve whatever the issue is. Unfortunately, the
link goes to a phony website, and once you’re there, you inadvertently
download the Gameover malware, which promptly infects your computer and
steals your banking information.
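A mail filter can check for the mismatch this lure depends on: a message that names NACHA, the Federal Reserve, or the FDIC but links somewhere else. The sketch below is an added example, not part of the original article; the domain allowlist is an assumption to verify and extend, and the sample messages are constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Organizations named in the article, mapped to domains assumed to be theirs
# (assumption: verify and extend this allowlist before relying on it).
ORG_DOMAINS = {
    "nacha": ("nacha.org",),
    "federal reserve": ("federalreserve.gov",),
    "fdic": ("fdic.gov",),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_in(host, domains):
    # Exact match or true subdomain; "nacha.org.example.net" does not qualify.
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return link hosts that do not belong to the organizations the mail names."""
    msg = message_from_string(raw)
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", errors="replace")
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    claimed = [org for org in ORG_DOMAINS if org in text]
    if not claimed:
        return []  # the mail does not invoke any of the three organizations
    allowed = tuple(d for org in claimed for d in ORG_DOMAINS[org])
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    return sorted(h for h in hosts if h and not host_in(h, allowed))

# Constructed sample messages (example.net is a reserved documentation domain).
PHISH = ("From: NACHA <alerts@nacha.org.example.net>\n"
         "Subject: ACH transaction rejected\n\n"
         "Your ACH transaction was cancelled. Review the report:\n"
         "http://nacha.org.example.net/report\n")
LEGIT = ("From: FDIC <news@fdic.gov>\n"
         "Subject: FDIC consumer news\n\n"
         "Read more at https://www.fdic.gov/consumers/\n")

if __name__ == "__main__":
    print(check_message(PHISH))  # hosts to quarantine or review
    print(check_message(LEGIT))
```

A non-empty result is a reason to quarantine or review the message, not proof of malware; an empty result does not make a message safe.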
After the perpetrators access your account, they conduct what’s called a
distributed denial of service, or DDoS, attack using a botnet, which
involves multiple computers flooding the financial institution’s server
with traffic in an effort to deny legitimate users access to the
site—probably in an attempt to deflect attention from what the bad guys
that’s not the end of the scheme: Recent investigations have shown that
some of the funds stolen from bank accounts go towards the purchase of
precious stones and expensive watches from high-end jewelry stores. The
criminals contact these jewelry stores, tell them what they’d like to
buy, and promise they will wire the money the next day. So the next day,
a person involved in the money laundering aspect of the crime—called a
“money mule”—comes into the store to pick up the merchandise. After the
store verifies that the money is in its account, the jewelry is turned
over to the mule, who then gives the items to the organizers of the
scheme or converts them to cash and uses money transfer services to
launder the funds.
In many cases, these money mules are willing participants in the
criminal scheme. But as part of this scheme, we see an
increasing number of unsuspecting mules hired via “work at home”
advertisements who end up laundering some of the funds stolen from bank
accounts. The criminals e-mail prospective candidates claiming to have
seen their resumes on job websites and offer them a job. The hired
employees are provided long and seemingly legitimate work contracts and
actual websites to log into. They’re instructed to either open a bank
account or use their own bank account in order to receive funds via wire
and ACH transactions from numerous banks…and then use money remitting
services to send the money overseas.
If you think you’ve been victimized by this type of scheme, contact your
financial institution to report it, and file a complaint with the FBI’s
Internet Crime Complaint Center.