Zeus Malware Found to Be Targeting Citrix Users

The latest version of the popular (with criminals) malware is designed to steal Citrix login credentials.

Recent Zeus malware configurations are targeting Citrix VPN gateways, according to security software company Trusteer. The latest instances of Zeus are configured to capture login credentials from Citrix users. Amit Klein, CTO and head of research at Trusteer, spoke with us about the new malware behavior and what banks can do about it.

"Zeus is definitely the most prevalent HTML injection malware out there," Klein says. "We've seen Zeus botnets target hundreds of thousands of computers." He notes that Zeus software is licensed for multiple fraud rings and that there's an entire market based around selling Zeus modules and extensions, software and services. "Zeus is feature-rich malware, it enables you to do whatever you like. It has good configuration options compared to other malware, it's very sophisticated, and it has many features you don't see in other kinds of fraud. It's like a Cadillac versus a low-end car."

Banks that use Citrix for employee and branch access are particularly vulnerable to the latest strains of Zeus. In these strains, the malware is instructed to capture a screenshot of the text in the vicinity of the mouse pointer when the left button is clicked and "citrix" appears in the browser address bar. The malware is trying to capture login credentials from users of the Citrix Access Gateway, an SSL VPN solution businesses use to provide remote access to applications and data in their networks. Once inside this gateway, criminals could potentially access any data in the organization, Klein says.

What best practices should banks deploy to deflect such attacks? They should limit VPN access to specific applications and users, keep anti-malware software up to date (especially on remote devices), use a secure browsing service to protect VPN connections, and educate employees about security. Although efforts to educate consumers about computer security threats have not been a big success, Klein acknowledges, in the corporate world employees have more reason to comply.

Home users are probably more vulnerable to botnets than in-office computers, "but the corporate network is not watertight, especially if employees are allowed to browse the internet," Klein says. "You do get hit by drive-by downloads and get infected."

Still, Klein does not see this as the biggest security threat banks face: "If I were in charge of a bank IT department, I would be worried about online banking in the consumer world, that's the worst threat," he says. Mobile banking fits in this category. "To be sure, criminals follow the money, and where there's money to be had or stolen, they'll be there," he says.
