Facebook Virus: 'Zeus' Malware Steals Passwords And Drains Bank Accounts, Thrives On Social Network

  on

A Trojan horse virus that originated in 2007 is thriving and spreading in a new environment: Facebook. Using fake Facebook fan pages and compromised accounts, the Zeus malware is able to drain bank accounts and steal private information such as Social Security numbers.

The Zeus malware is disguised as a link with messages encouraging users to check out a cool video or product. Once the user clicks the link, the malware infects the computer but stays in the background, monitoring the Web browser for banks and other financial institutions. Logging into one of these sites causes the malware to activate, sending the login information to a remote server. The hacker can also tell the malware to start draining the bank account. Some versions of Zeus can even create a fake version of the bank’s website and request user information such as Social Security, credit card and ID numbers.

The malware will also hijack your Facebook account, sending messages with malicious links to all of your Facebook accounts.

The New York Times reports that the advocacy group, Fans Against Kounterfeit Enterprise, also detected links serving up the Zeus malware on fake Facebook pages, notably ones for NFL fans. Pages such as “Bring the NFL to Los Angeles” post links claiming to be football news, but actually infect computers with Zeus.

The malware has already infected millions of computers, with most cases happening in the U.S. The new version that's spreading through Facebook cropped up in early 2013 and has been steadily on the rise and peaked in May, security firm Trend Micro said.

[[nid:1294823]]

“Peddling stolen banking and other personal information from users is a lucrative business in the underground market,” Jay Yaneza wrote on Trend Micro’s blog. “Thus, it is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security released from security vendors and install trusted antimalware protection.”

Security firm Malloy Labs traced this version of the Zeus malware to Russian servers owned by a crime syndicate known as the Russian Business Network. In addition to malware, the gang has been linked to numerous online crimes, including identity theft and child pornography.

The Zeus virus won't work on computers running OS X or Linux, so Windows users on Facebook need to be especially careful. There have also been versions found that attack Android and BlackBerry phones. Experts say the best way to stay protected is to only click links from trusted sources, be skeptical of messages urging you to click a link without a personal message and keep your antivirus software up to date. In addition,, make sure your online financial accounts are protected with two-step verification process. 

Follow Ryan W. Neal on Twitter

Join the Discussion