The Zeus/Zbot banking Trojan is reported to be attacking the Verified by Visa and MasterCard SecureCode verification systems introduced in recent years to stop old-style card-not-present (CNP) fraud.

Security company Trusteer, which has carved out a speciality in reporting on Zeus/Zbot bank Trojan activity, does not say where and how it encountered the latest attack, but reports that it is aimed at customers of 15 unnamed US banks.

Using a man-in-the-middle browser attack triggered when it encounters a desired bank login on an infected PC, the malware intercepts and spoofs the enrollment process through which credit card users are signed up for the first time by both major issuers, MasterCard and Visa, presenting users with a convincing screen.

This captures a range of sensitive information that could be used to carry out CNP fraud, including social security and card numbers, and PIN or card verification codes. This data is sent in real time to a server run by the attackers.

An image of the bogus screen can be seen here.

Normally, once this enrollment has been set up, only a password is asked for by the system when purchasing items online, which is why the attackers have gone after new users joining the system. An established user would not, presumably, be vulnerable unless they entered the password they created when they signed up originally.

Read the full article at Techworld.com