“Hold onto your hats. A new version of the Zeus trojan, called Zeus3, has wreaked havoc on thousands of bank accounts worldwide, stealing just over $1 million,” Nicholas Deleon reports for CrunchGear.
“The best part? There’s pretty much no way to detect the trojan if it’s on your system,” Deleon reports. “Hooray for humanity, right?”
“The trojan first popped up last month, and has drained more than 3,000 bank accounts,” Deleon reports. “M86 Security, the first group to discover the trojan, says: We’ve never seen such a sophisticated and dangerous threat. Always check your balance and have a good idea of what it is. …The scariest part is that the trojan, after clearing out your bank account, serves up a fake bank statement page. It looks like you have all of your money, but you actually have $50 left in your entire account.”
Deleon reports, “Oh, it only affects Windows systems. But you knew that already.”
Full article here.
MacDailyNews Take: Hey, good thing you “saved” upfront when you bought that shiteous Windows laptop instead of that MacBook Pro you really wanted, Lauren. Surely, the hacker thieves thank you for the extra cash, you computer shopping genius.
MacDailyNews Note: A separate report from Computerworld NZ states that “the botnet included a few hundred thousand PCs and even about 3,000 Apple Macs.” It does not state whether these zombie Macs were running Windows (although one might suspect that to be the case). Regardless, participation in the botnet does not mean that the Mac users’ bank accounts were drained; it means that the Macs helped the thieves drain the bank accounts. If you have to run Windows on your Mac, do not use it to connect to the Internet unless you have to and never use Windows for your online banking. As always: Do not authorize software installs from untrusted sources.
@windowssufferers
Since Macs’ marketshare is about 10% (probably more), one would expect that 10% of viruses, trojan horses, worms are targeting Macs. The strange thing is that Macs remain unaffected.
By the way, isn’t it more logical to target Mac users with this trojan? Everybody knows they have fatter bank accounts!
Let’s just be happy that this virus has found 3,000 of the poorest people in the world. 3,000 people had their bank accounts emptied and they’ve stolen /just/ over a million dollars? Let’s say that means 1.05 million.
1,050,000/3,000 = $350 each. Bank account emptied.
@flappo
“at least pc’s come in lots of pretty colours”
dear lord, that’s good.
MDN says: “If you have to run Windows on your Mac, do not use it to connect to the Internet unless you have to and never use Windows for your online banking. As always: Do not authorize software installs from untrusted sources.”
Agreed
1: You have to install an anti-virus and allow Windows updates. Microsoft Essentials is a free anti-virus. These are the only two good reasons to allow Windows access to the internet. Never turn off Windows Firewall unless you’re insane, you’ll be pwned in seconds.
2: However if you need Windows to access the internet after the reasons above, you should have Windows in virtual machine software like Parallels or VMFusion. (not Bootcamp!) This way when you run the updates you REVERT to a pristine, never before used on the internet “snapshot” of the Windows before updating.
The logic here is to assume your present copy of Windows is always infected, even if your anti-malware doesn’t catch it or it is pwned too and lying to you.
By dumping the entire OS you revert to a clean copy and update that version instead. Malware can come on USB sticks and via third party sources too. So even app installs, disks from friends may contain malware. Your pristine original “snapshot” of Windows should have had no contact with outside sources except the DVD it came upon.
Bootcamp should only be used for offline, high speed purposes. If you use it online, you should use software to clone Windows to another hard drive and disconnect it before allowing Bootcamp on the internet. This way when it gets pwned, you can use Bootcamp software to erase Windows and to clone it back again.
http://theappleblog.com/2010/01/12/how-to-image-os-x-and-boot-camp-to-a-new-mac/
For Macs, a free anti-virus is ClamXav. Macs can carry Windows viruses to PCs even though the virus has no effect on the Mac.
3: You need to update your browser plug-ins on a pristine, never before used on the internet copy of Windows. Java and Flash are NOT installed by default on Windows.
You should use this page to check your browser plug-ins status for any browser.
https://www.mozilla.com/en-US/plugincheck/
Flip 4 Mac is updated through System Preferences.
Apple handles Quicktime through Software Update and on Windows, which runs when it wants to unfortunately or if iTunes on Windows is run.
Apple has a special version of Java for OS X that they run through Software Update. No need to update that yourself.
Keeping your browser plug-ins updated is important, as this is an exploit window into Windows and OS X.
For much more additional protection use Firefox, NoScript, BetterPrivacy (flash cookies) Ghostery and Ad Block Plus (malware comes through poisoned ads) on Windows. Enable privacy mode if possible.
And the greatest advice, only use limited funds accounts online/banking/debit/credit/ATM/checking. What you’re willing to lose only. Turn off any overdraft protection at your bank on risky accounts. Transfer funds as needed in person from secure to less secure accounts.
Even though Macs are secure and you might be a tech genius, it’s the OTHER GUY’S hardware or an evil employee that will steal your account dry. So only allow them to get what you’re willing to lose.
And if you want to see something cool, look at CoolIris for Firefox.
I should mention that DeepFreeze is available for Macs and Windows.
It will not allow any changes to the hard drive, unless you allow certain folders to be changed, without a password.
If you reboot, the OS is reverted to the exact state it was frozen at.
This can come in handy for those who take care of others’ machines and they always mess it up somehow.
I access my accounts ONLY on my iPhone. Not even on my MAC. A walled garden has its benefits.
“It looks like you have all of your money, but you actually have $50 left in your entire account.”
Hey, that’s more than what was in there originally. I win!
Don’t use Windows at all! LOL
“Then, if the balance is higher than 800 euro or its local currency equivalent, the malware initiates a transfer to a mule account.”
Hey, at least they have ethics! They won’t steal from you unless you have more than $800 euro!!
They should call it the “Robin Hood”
Time for a new campaign that shows how the Microsoft Tax is real. The Apple tax was just more BS for the biggest BS of them all. MS and Ballme! lol
@Jacob456
Wishful thinking on your part? Been bitten by Windows malware in the past, perhaps? Mac OS X is not invulnerable, but over the past decade it has proven to be far more secure than Windows.
By the way, all of those wasted clock cycles running anti-virus software apparently won’t help with this malware. That’s the problem with the majority of the anti-virus software – it’s primarily reactive. What you don’t know can hurt you.
I’ll continue to stick with the tried and true UNIX-based Mac OS X for now, thank you. If, someday, there is a propagated exploit for Mac OS X, then I will deal with the consequences. Until then, I am so much happier and less stressed than most Windows PC users (unless they are completely clueless). That makes each day more valuable to me.
Why does that PC banner ad link to Apple?
If the trojan is undetectable how do they know about it?
I agree though, don’t do IB on a PC
@ HotinPlaya
Don’t you mean “Robbing Hood?”