Zeus Trojan Blamed for Data Theft via Instant Message

The Zeus Trojan, previously blamed for enabling online banking attacks, is now the culprit in a scheme that employs instant messaging as a means of obtaining computer users' login credentials.

In the past there have been other password-stealing Trojans, such as the Sinowal parasite, which was discovered in 2008. With the Zeus Trojan, security company RSA has discovered an ability to use an instant messaging component to alert hackers when they have captured a person's online banking login credentials.

The malicious actions of Zeus start off with hackers setting up two Jabber accounts, one for sending information and the other for receiving. Jabber is an instant messaging service based on XMPP (Extensible Messaging and Presence Protocol), which is an open standard for instant messaging. Next comes an attack involving the Jabber module, in which the Zeus parasite is able to obtain log-in information and send it to a remote server. After that happens, the compromised Jabber module looks for specific financial information being transmitted. The data is then transferred to a hacker via instant message.

You may think that this is pretty clever, and in a way it is, except that the conditions must be just right for this to happen. Zeus must first be customized to meet the needs of a particular hacker. That means Zeus can be coded to record only log-in credentials or to send other types of compromised data via instant message.

There is a list of Zeus-related domains circulating on the internet, comprising upwards of 802 malicious hosts in total. Zeus is more or less a type of crimeware toolkit or pre-programmed botnet that attackers can purchase for the purpose of stealing information from their victims. Zeus has been on the security radar for some time, and network administrators should be forewarned about it before it is able to compromise credentials from their users.

Do you fear a hacker obtaining personal information from your use of an instant messenger application?