That's what worries Gary Warner, director of computer forensics research at the University of Alabama at Birmingham, who has been closely monitoring several criminal groups using Zeus. Typically Zeus steals information from banking credentials and then uses that information to move money out of internet accounts. In the past year, however, Warner has seen several Zeus hackers try to figure out what companies their victims were working for.
In some cases, criminals will display a fake online banking login screen that asks the victim for a phone number and name of their employer. On Internet forums, you've seen hackers speculate about how they might sell access to computers associated with certain companies or government agencies.
"They want to know where you work," he said. "Your computer might be worth a deeper exploration because it could provide access to the organization."
This is troubling because Zeus could be a very powerful tool for stealing corporate secrets. It allows criminals to remotely control their victims' computers, review files and record passwords and whatever is typed. With Zeus, hackers could even use as an access tunnel to the victim's computer to break into corporate systems.
However, there are other reasons why the creators of Zeus might want to know where one works. They could simply be trying to figure out what information is most valuable, said Paul Ferguson, a security researcher at Trend Micro. "A welding company could leave more money than, say, a Scout Girl patrol," she said in an instant message.
Still, Ferguson believes criminals could make money by selling access to computers belonging to employees of certain companies. "I haven't seen it personally, but these guys are very twisted."
This type of targeted corporate espionage has become a big problem in recent years, and many companies, including Google and Intel, have been hit with these types of attacks.
Police arrested more than 100 alleged members of a Zeus gang last week, but that doesn't end the problem. Zeus is widely sold for criminal use, and security experts say there are dozens of other Zeus gangs out there. The group responsible for last year's Kneber worm outbreak is thought to be the largest Zeus team still in operation.
If Zeus operators really start touting their crimeware as corporate access backdoors -- and Warner believes this is already happening -- that could mean new problems for corporate IT.
The biggest problem could be for home computers and laptops that are outside of corporate firewalls and still have access to company information over the Internet. Those systems can suddenly become a risk to IT employees, Warner said.
Inside the firewall, a computer that suddenly starts sending information to Russia will be noticed immediately. But that might not be the case with a home computer. "If you're an employee of a place that gives you access to sensitive information, your company needs to take care that you don't have a malware infection at home," Warner says.
The problem could be solved either by not allowing people to work from their home PCs or by providing employees with computers that can only be used for work," Warner said.
Translation: Raul Batista - Segu.Info
Author: Robert McMillian
Source: Computerworld
Authors: Computer Security News
