*Zeus* is a Trojan Horse Virus, one of the worst on the Internet. During the past four years it has infected millions of computers around the world taking control and stealing banking details. Who is the person responsible? No one knows, but, it is believed that he or she is Russian.
A battle has been fought between Zeus and Microsoft, and while it is one of the most difficult types of Malware to actually detect, the worry now is not home computers. A new strain of Zeus has been dubbed *Zitmo* – which stands for Zeus in the mobile. This malware has started to exploit a hole in personal banking security – the Smartphone you carry with you.
Just in the past fortnight this new version of Zeus has been attacking mobile phones that use the Android Operating System. This is naturally causing intense concern amongst security companies. Trusteer a major Internet Security Provider has claimed that Google Android is a *fraudsters Heaven* – *Fraudsters now have all the tools they need to effectively turn mobile malware into the biggest customer security problem we’ve ever seen* Chief executive Mickey Boodaei said recently in a blog.
However it’s not just Zeus that customers with smart phones should be worrying about. MWR InfoSecurity in Britain legally hacks into computers to test their security, and recently it has turned its attention to smart phones and they have found that it can crack open any new handset it sees.
*You cannot be assured of security with modern smart phones. As soon as the handset is compromised, then any data is up for grabs.* said Alex Fidgen of MWR InfoSecurity. *The mobile phone industry is not fit for purpose, especially for financial transactions*
The fault seems to lie more with the makers of the handsets rather than with the banks or network providers. In the race to bring new phones with more features into the market many have left security features low on the agenda. Many modern smart phones when used in public Wi-Fi hotspots can become fatally compromised. There are many ways for a Trojan to enter a smart phone, from simply clicking on a link or attachment that contains a virus, within seconds it has secretly gained control.
That link could be a vCard – the standard format for sending a business card to a phone, accessing a website in a café, or it could be a TinyURL in Twitter. Known as *Evil Twins* fraudsters create bogus gateways at Wi-Fi hotspots, to which the latest mobile phones will connect to. Once that connection is made all the information travelling through that gateway can be decrypted or read directly – this allows fraudsters to access messages, passwords and user names.
While attacks have been rare, experts predict it is only because smart phones are still taking off. Over at Trusteer, Mickey Boodaei predicts that in 12 to 24 months time more than one in twenty Ipads, Iphones and Android Phones could become infected by mobile malware.
So, which is safer?? Apple Iphones or the Android based system??? MWR InfoSecurity says that Apples security from viruses doesn’t extend to their mobile devices. *Both platforms have problems. The Android market has quite a reputation for serving malware regularly, whereas Apple seems to be in better control of the content of the App Store. Android, however, has Sandbox [a security feature], which limits the impact of malicious or vulnerable applications. This can help limit the effectiveness of the malware, a feature that does not exist on the Apple platform.*
Blackberry phones have been considered much safer to use, due mostly to the fact that their makers RIM keeps the details of their platform secret which is making it harder to attackers to write malware.
All the experts are in agreement when it comes to *Jail breaking* – the process by which the limitations placed on the Iphone and Ipad devices by Apple are removed this leads to much wider security threats.
The simple question is – why not add an anti-virus software/programme to your smart phone? The answer is quite simply that many of the phones have been so badly built in the first place that any antivirus programmes just wouldn’t be much help.
Reported recently in InformationWeek – a respected US Technology magazine – was a warning that a new approach by Zeus/Zitmo tricks home PC users into downloading it onto their Smartphone. The Trojan simply sleeps on the Home PC till the user logs into their bank website. It wakes up, and asks the user to download a new security device onto their mobile phone to complete the bank login procedure. In reality it is the Zeus Trojan taking control and now infecting the user’s phone.
At the center of Zeus is the Russian developer who writes the source code and is selling the programme to those in the criminal underworld. He sends out patches and updates so every time Zeus is detected it bounces back again.
In 2007 Don Jackson who works for SecureWorks was the person who first discovered it.*Zitmo has all the hallmarks of the original author of Zeus. This brand new version is his flagship new product, which he’s making available to a select few. He writes it, sells it for huge amounts of money, and even supports his ‘customers’ to rid it of any bugs that develop GUARDIAN*
Over and out