Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Security Worms IT Your Rights Online

Gang Arrested For Stealing Millions Using ZeuS 66

Orome1 writes "Nineteen people were arrested yesterday in the UK and are suspected of being part of an Eastern European gang that used the ZeuS Trojan to steal online banking credentials from unsuspecting victims and siphon around £2 million per month to their accounts."
This discussion has been archived. No new comments can be posted.

Gang Arrested For Stealing Millions Using ZeuS

Comments Filter:
  • why not (Score:3, Funny)

    by rossdee ( 243626 ) on Wednesday September 29, 2010 @09:24AM (#33734134)

    Religions have been using to steal money from the believers for thousands of years, its about time the ancient Greeks had a go at it...

    • What does this have to do with the subject except that the name of the Trojan refers to a Greek "god"?

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Close but no cigar.

              Trojan refers to the citizens of the city of Troy, which is now known as Truva, Turkey. There is not a Greek god "Trojan" nor "Troy".

            They were contemporary to the great Greek empires, but as I recall they were not themselves Greek. Well, we know how wars and domination during the period went, any particular place in the area could be under a variety of empires, and likely change empires frequently.

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          ZeuS, you dolt

        • Close but no cigar.

          Trojan refers to the citizens of the city of Troy, which is now known as Truva, Turkey. There is not a Greek god "Trojan" nor "Troy".

          They were contemporary to the great Greek empires, but as I recall they were not themselves Greek. Well, we know how wars and domination during the period went, any particular place in the area could be under a variety of empires, and likely change empires frequently.

          He was talking about Zeus. "No cigar" indeed!

          What is it with /. this morning? Is it just me or is it full of pompous know-it-all assholes who are quick to shoot first and ask questions later at the slightest hint of an error in a post?

    • Whoever modded that down has no sense of humor or way too much religious sensibility.

    • by BillGod ( 639198 )
      Glad it was you and not me. I was just getting ready to post almost the same thing. If I had mod points I would mod you up. I thought it very witty.
  • I wonder how much more money should be stolen until Microsoft is held responsible for the non-security of Windows. I am not saying this for karma, I know that Microsoft Eulas say they are not responsible for anything, but I wonder for how long should that be acceptable, given the ubiquity of Windows.

    If you think I am karma whoring, replace 'Microsoft' with anyone writing software running on millions of machines. Shouldn't software houses of that magnitude be held accountable for at least something like this

    • by Spad ( 470073 ) <slashdot@ s p a d . co.uk> on Wednesday September 29, 2010 @09:37AM (#33734258) Homepage

      Why though? If Joe User is dumb enough to run "JustinBieberNaked.exe" as root/admin/whatever then no amount of OS security will prevent the machine from being compromised. The weakest point of any system is always between the keyboard and the chair.

      Now if you're talking clear negligence in not fixing known issues, etc. then perhaps you have a case, but then why drawn the line at big companies, surely everyone should be equally liable even if they're a one-man operation working out of their bedroom?

      • Comment removed based on user account deletion
        • Re: (Score:3, Insightful)

          by Jurily ( 900488 )

          You sound like a person blaming women being raped because she dresses sexy.

          The people we're talking about are not just dressing sexy, they're walking in a prison, pulling their pants down and yelling "Come and get it, boys!".

          • You sound like a person blaming women being raped because she dresses sexy.

            The people we're talking about are not just dressing sexy, they're walking in a prison, pulling their pants down and yelling "Come and get it, boys!".

            Actually, grandparent's analogy, compared to yours, seems more adequate.

            While such people are endangering themselves by being ignorant, it is in no way their fault. Deciding what is safe or not to run is not exactly intuitive for someone with little knowledge on computers, yet if they don't explore and experiment by themselves, they are not likely to learn anything.

            An user that runs "JustinBieberNaked.exe" as root simply knows no better. Ignorance is not a crime. Unauthorized access and theft, however, are

      • Its not that people run JustinBiebernaked.exe... Its that they're downloading photoshop illegally :)

      • "The weakest point of any system is always between the keyboard and the chair."
        On behalf of computer desks everywhere I take offense to that.
    • Shouldn't software houses of that magnitude be held accountable for at least something like this?

      Absolutely not.

      • Re: (Score:2, Informative)

        by darpified ( 698235 )
        Some accountability for their software, but this isn't the time or place for it. How many of these were cases of the user of the OS doing something stupid? At some point the user of the device needs to be held accountable for not properly patching/updating the device. If the software is something truly important, Space Shuttle O2 system, nuclear power plant, etc... Yes, they should be accountable for defects, but not because Facebook User #2,290,231 clicks on a malicious advertisement and gets malware in
    • Re: (Score:2, Informative)

      by Narcocide ( 102829 )

      Yes, despite an EULA that disavows them from any responsibility they actively market to the government, the military, and other purveyors of critical infrastructure and flat-out *lie* about its suitability for these purposes. This is criminal activity and should be addressed. At the very least there should be a warning label on the box - something like the government requires on other hazardous consumer goods like alcohol, tobacco, pesticides and household cleaners.

    • Re: (Score:3, Insightful)

      Should builders be accountable if your back door can be cracked with a simple crowbar? Breaking in is easier then keeping things or people out. In fact, it is so difficult to keep people out, that security is only added for "too easy" breaches. And then raised as necessary. And off course it must be used wisely. For a lot of vulnerabilities, you still have to invite the vampire in first.
      • by v1 ( 525388 )

        security is only added for "too easy" breaches. And then raised as necessary.

        And windows of course doesn't NEED more security than say, it has NOW. (zeus botnet just isn't bigtime enough yet, costing consumers a paltry 2mil)

    • Re: (Score:2, Interesting)

      by markusre ( 1521371 )

      My heart tells me to bash MS, too.
      But in this case..... heres my login message:

      "Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      permitted by applicable law."

      So in this case Debian(and i think this is true for most linux distributions) is similar to windows.
      Please note that i refer to the notice, that it's not responsible and NOT to the actual amount of security issues.

      • Microsoft isn't quite so forthcoming in their licence agreements, but instead of just coming out and saying "no warranty", they hedge their terms in such a way as to mean the same thing and to require platoons of lawyers to break. Thing is, not one of any of the *nix OSs (including OS X) is vulnerable to this (or pretty nearly any other) exploit in the first place.

        It doesn't work to claim that the unixy OSs don't get hit because they rely on security through obscurity. The simple fact is, they are more s
    • It's an interesting thought, and not one I necessarily disagree with, but the inevitable analogies crop up:

      - Should auto makers be accountable when people speed?
      - Should gun makers be accountable for deaths caused by their products?
      - Should websites be accountable for the content participating users share?

      In my mind these are listed from most to least absurd, and the last is even relevant. We've got laws in place protecting websites (the whole boring Craigslist thing notwithstanding) and software isn't so

    • Not if Microsoft is doing their honest best to make their software secure, but someone finds a way to break in. However, what if it is discovered that Microsoft intentionally leaves vulnerabilities in their software - and perhaps even surreptitiously leaks the vulnerabilities over time? This would force users into applying updates that close the vulns, but may have ulterior purpose to Microsoft, such as degrading performance incrementally. Eventually this would force an upgrade (sooner that than otherwise
    • That's a user issue.

      If I choose to wear a gasoline-soaked jockstrap while toasting marshmallows, I should expect toasted yarbles as well.

  • by Freddybear ( 1805256 ) on Wednesday September 29, 2010 @09:55AM (#33734508)

    Grabbed too much. Set off flags at the banks. Did the deed from a traceable location. And then kept on doing it until the cops showed up.

    • by grking ( 965233 )
      Grabbing small amounts doesn't help you evade detection. Many people keep a close eye on their internet banking and notice pretty quickly if there's a transfer to another account which they didn't instigate. And that will have the victim on the phone to bank quicker than Zeus's thunderbolt.
      • Maybe so, but the big losses get escalated a lot faster. Two millions per month is going to set off all sorts of alarms.

      • Re: (Score:2, Interesting)

        by Mattpw ( 1777544 )
        Many ZeuS packages have an option to remove the outgoing transactions from the user's browser as part of the MITB package, this includes changing the balance total to before the outgoing transactions were made so the user wont know until a paper statement turns up if one ever does as many banks are ditching paper statements in favor of browser based ones. And since they are now using the same trojan tactics on users mobiles to defeat mobile sms authentication I am sure you will see a Zeus mobile trojan upg
  • As usual, no mention is made in the summary or the linked news item of the platform that runs this trojan. Most geeks will know but shouldn't the public be informed?

    BTW, it's hard to hold Microsoft (or any software publisher) responsible for damages caused by these flaws even when grossly negligent. I think that the people who make the decision to run Windows should be accountable for their poor decision. I think most people know that Windows is full of holes for malware. It's negligent to run Windows

  • I thought this was going to be about some hardcore steampunk cyber-criminals, until I discovered it was spelt the wrong way [wikipedia.org].

  • More interesting news this week is the gang behind ZeuS, as predicted, have successfully integrated man in the middle attacks against mobile phone two-factor authentication schemes. http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html [s21sec.com]
  • Oblig. (Score:3, Funny)

    by Bobb Sledd ( 307434 ) on Wednesday September 29, 2010 @11:33AM (#33735902) Homepage

    Opulence. I has it.

  • I heard of the 409 crew, or the shadow crew, hope it is not either, as some of them guys were pretty cool hackers, more do sh*t then destroy sh*t, show proof of concept stuff, instead of formatting your drives....

  • From TFA:

    The 20-something mastermind behind the gang's operation has also been arrested in yesterday's raids...

    Any "20-something" is hardly a mastermind of anything, except maybe WoW, and this proves it. At least the article didn't say the phrase "criminal mastermind." That would have royally cheesed me off and forced me to say even more derogatory things.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...