{"id":1809,"date":"2010-01-19T16:09:57","date_gmt":"2010-01-19T21:09:57","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/?p=1809"},"modified":"2021-08-08T18:22:35","modified_gmt":"2021-08-08T22:22:35","slug":"zeus-raids-school","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/zeus-raids-school\/","title":{"rendered":"Zeus Raids School"},"content":{"rendered":"

\"Zeus<\/a>A New York school district<\/strong> was a victim of an apparent Zeus trojan attack<\/strong> which appears to have netted nearly $500,000<\/strong>. InformationWeek<\/em><\/a> is reporting that the FBI<\/a> and New York State Police Cyber Crime and Critical Infrastructure Unit<\/a> are investigating an attempt last month to steal about $3.8 million<\/strong> from the Duanesburg Central School District<\/a> near Schenectady, New York<\/a>.<\/span><\/span><\/p>\n

According to the January 6 article, online thieves made a series of unauthorized funds transfers<\/strong> from the school district’s NBT Bank<\/a> account to an overseas bank<\/strong> between December 18 and 22, 2009. The third transfer during this period was flagged as abnormal activity by the bank, which began blocking pending transactions after the school district confirmed the transfers had not been authorized. Working with foreign banks, NBT Bank recovered about $2.5 million out of $3 million stolen<\/strong> during the four-day period, but two previous unauthorized transactions were discovered.<\/p>\n

Thanks to NBT Bank’s aggressive pursuit of the stolen funds, we are fortunate that the vast majority of the money has been recovered,<\/em>” wrote Superintendent Christine Crowley in a letter on Monday to district parents and community members. “However, $497,200 of Duanesburg taxpayers’ money is still missing, and we are committed to doing everything in our power to recover the remaining funds.<\/em>”<\/p>\n

The district website<\/a> says, “At this time, we do not have any more information on how this happened and do not expect to have any more information to share until the investigation concludes.<\/em>”<\/p>\n

Security researchers at Trusteer<\/a> point out in a recent DarkReading<\/em><\/a> article<\/a> that Zeus is detected only 23 percent of the time<\/strong> by up-to-date anti-virus applications. The massive Zbot<\/strong><\/a> botnet<\/strong> is made up of 3.6 million PCs in the U.S.<\/strong>, according to Damballa<\/a> data\u00a0 The malware steals users’ online financial credentials<\/strong> and moves them to a remote server, where it can inject HTML<\/strong> onto pages rendered by the victim’s browser to display its own content mimicking, for instance, a bank’s Web page.<\/p>\n

Zeus’ infection rate is higher than that of any other financial Trojan. We are seeing actual fraud linked to Zeus — accounts being compromised, [and] money transferred from accounts of customers infected with Zeus,<\/em>” Mickey Boodaei<\/a>, founder and CEO of Trusteer told DarkReading<\/em>. “When we investigate some of our banking customers’ [machines infected by it], we find evidence of abuse on the computer, so we know this crime ring is very active and dangerous.<\/em>”<\/p>\n

The security blog says that organizations can\u2019t control the transmission vectors<\/strong>, which are increasingly social networking<\/strong> and\/or webmail applications. Given the high degree of user trust and huge user populations, malware developers have been targeting social networks aggressivel<\/strong>y (webmail is a well-established transmission vector). Some of the threats come in the form of social network-specific threats<\/strong> (e.g., koobface, fbaction), but many times they\u2019re re-using existing or older threats delivered in a new, hybrid way \u2013 exploiting the trust associated with social networks<\/strong> \u2013 which has given threats like Zeus a huge boost. If you can\u2019t control the transmission vector, it\u2019s much harder to manage the threat\u2026especially when users click first, and think later<\/strong>.<\/p>\n

Related articles<\/h6>\n