FYI...Zeus P2P variant exploits... steal Debit Card Data
May 15, 2012 - "... recently discovered a series of attacks being carried out by a P2P variant of the Zeus platform against some of the internet’s leading online services and websites. The attacks are targeting users of Facebook, Google Mail, Hotmail and Yahoo – offering rebates and new security measures. The scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users’ debit card data. In the first attack against Facebook, the malware uses a web inject to present the victim with a fraudulent 20% cash back offer by linking their Visa or MasterCard debit card to their Facebook account. The scam claims that after registering their card information, the victim will earn cash back when they purchase Facebook points. The fake web form prompts the victim to enter their debit card number, expiration date, security code, and PIN...
Malware web inject presented to Facebook users
... In the attacks against Google Mail, Hotmail and Yahoo users, Zeus offers an allegedly new way of authenticating to the 3D Secure service offered by the Verified by Visa and MasterCard SecureCode programs. To complete an online transaction many merchants require cardholders to authenticate using their personal 3D Secure password... The scam that targets Google Mail and Yahoo users claims that by linking their debit card to their web mail accounts all future 3D Secure authentication will be performed through Google Checkout and Yahoo Checkout respectively... The victim is prompted to enter their debit card number, expiration date, security code, and PIN... leveraging the Verified by Visa and MasterCard SecureCode brands to make the scam more credible
Malware web inject presented to Gmail users
Malware web inject presented to Yahoo users
... The attack against Hotmail users is similar to the Google Mail and Yahoo scam... The offer states that the service will prevent purchases from being made on the internet with the card unless the Hotmail account information and additional password are provided. The webinject requests the same information (debit card number, expiration date, security code, and PIN) as in the previous two scams.
Malware web inject presented to Microsoft Hotmail users
... These webinjects are well crafted both from a visual and content perspective, making it difficult to identify them as a fraud... the fraudsters are using the fear of the very cybercrime they are committing to prey on their victims."