http://voices.washingtonpost.com/securityfix/2009/10/zeus_trojan_turns_smash_grab_i.html
I just read the above article about a nasty variant of the Zeus Trojan that not only steals your hard-earned (or raised) cash, but then also goes on to kill your computer. In layman’s terms, this is a nasty “double-whammy” Trojan and not only is the victim left without an operational computer, they probably also no longer have any savings left in their bank account to be able to repair the computer or buy a replacement. Ouch!
Although we have seen the nasty Zeus Trojan on the internet crime scene for some time, and although we have read about other cases where victims have been robbed of hundreds of thousands of dollars (our above example lost US$87,000!), this is the first time we have seen Zeus coupled with a “KOS” (kill operating system) command that basically does as its name implies: kills your operating system!
I have seen only three “transactional security” technologies available globally that have the smarts to “lock down” your online transaction session and stop any malware on your computer from stealing your confidential information (such as your password, online ID, etc.) and passing it on to the cyber criminals.
1) The first such technology is a simple browser plug-in (add-on?) out of Israel which only works with Internet Explorer and Firefox (that there is a problem in itself, since I prefer to use two other browsers and, as such, I will not be protected from the outset if I continue to use my browsers of choice). The other fundamental issue with this technology is that although it protects your online session, it doesn’t care for the state of the forensics running deep within your computer hardware and operating system. Hence, it wouldn’t have ever alerted you to the fact that Zeus was on your computer, and although it might have saved you from the online theft, you probably wouldn’t be reading this blog, since your computer is RIP in computer cemetery as a result of the KOS attack.
2) The second technology is a sandbox browser offering out of the USA which protects you during online transactions, so long as you use the safe browser they provide you with (once again, this is an issue for me since I prefer using only two browsers and I really can’t be bothered changing browsers while I’m online just to check my bank balance or pay a bill). Oh, and in addition, this offering will also fail to alert you to the Zeus infection, since it simply assumes your computer is always infected. Yes, it would’ve saved you from the online theft if you were infected with Zeus, but your computer would also be RIP in computer heaven as we speak.
3) The third technology not only offers secure “lock down” transactions, it does so regardless of which browser you use. Yes, you are free to use them all: Internet Explorer, Firefox, Chrome, Opera, Safari, Avant, etc. Oh, and this clever technology also contains a kernel forensics engine which in a matter of seconds interrogates everything running on your computer (yes, I said SECONDS, not HOURS) and kills anything unauthorized or malicious while alerting you to the threat and providing you with relevant info on how to remove the threat from your computer. So in the above case, this technology would have alerted you to the fact that Zeus was running, informed you of the removal process, killed the process in real time and protected you during your online transaction. In layman’s terms, you’d still have your savings in your bank account as well as your beloved computer.
Now that’s what we call online peace of mind.