malware campaign targeting Facebook, Google Mail, Hotmail and Yahoo user debit card data has been linked to the infamous Zeus Trojan.
Zeus is one of the most prevalent pieces of financial malware on the Web. During the past several years, Zeus variants have been linked to major criminal operations around the globe, including one that prompted the FBI to issue a warning in January. In that case, a variant known as Gameover was observed stealing password and user name information for financial institutions.
According to security firm Trusteer, the attack uses a peer-to-peer version of Zeus and varies slightly from site to site. In the Facebook version of the attack, the malware uses Web injection to present victims with a fake 20 percent cash-back offer if they link their Visa or MasterCard debit card to their Facebook account. The victim is then prompted to enter their debit card number, expiration date, security code and PIN and told that that once they register their information, they can earn cash back by purchasing Facebook points. Read More