Zeus Variant Can Defeat Two-Factor Authentication

By Tracy Kitten, December 2, 2011

The Federal Bureau of Investigation has issued a warning about a new Zeus malware attack targeting commercial bank accounts, ultimately leading to incidents of corporate account takeover. The Zeus variant used: a malware called Gameover, which the FBI says is able to defeat several forms of dual-factor authentication.

To protect themselves, the FBI suggests consumers and businesses pay attention to suspicious e-mails. In the case of the Gameover attacks, e-mails purporting to come from NACHA-The Electronic Payments Association contained malicious links. NACHA does not traditionally send e-mails directly to businesses or consumers. Receipt of a direct e-mail from an organization such as NACHA should raise a red flag.

But according to the FBI's Denver Cyber Squad, it's not just phishy emails and dual-factor get-arounds that have made the Gameover attacks forces to be reckoned with. As it turns out, the fraudsters behind this scheme combined a number of tactics, including the use of money mules and denial of service attacks, to con businesses and banks out of funds.

To read the entire article, click here: http://ffiec.bankinfosecurity.com/articles.php?art_id=4295&rf=2011-12-02-eb&elq=5209da99abcc4e7b8fa7af3303c5ca23&elqCampaignId=904