Macs not vulnerable to Eleonore online banking trojan
Macs are not being infected with the Zeus botnet, say M86 Security, after reports yesterday by a number of news sources that Macs, PlayStation 3s and Nintendo Wiis had joined Windows systems as part of a banking-targeted botnet. These mistaken reports of the discovery of a Zeus botnet in the UK by M86 Security had in turn led some security vendors to call it "the big wakeup call for Mac users".
The reports of Mac infections from the M86 white paper appear to have been due to a table on page 4 of the report, which lists the operating systems of machines that had connected to a web site used by the botnet's creators to spread the infection. The criminals used the Eleonore exploit kit, which makes use of vulnerabilities in Internet Explorer, Adobe Reader, Java Development Kit and Java Web Start. Ed Rowley, product manager at M86 Security, confirmed to The H that the list is only of OS connection numbers and does not indicate that there had been successful exploits of the listed operating systems; the list also includes Linux, Symbian, SunOS and Windows ME. "We've only seen these exploits on Windows machines," said Rowley, adding, "The table was included in the white paper to show the sophistication of the botnet's data gathering and that it was analysing the traffic".
The botnet itself is nothing extraordinary; Zeus is the generic name of a botnet kit that is sold by criminals to other criminals who want to easily construct their own key-logging network of infected machines. In this case the botnet has been used to target UK banking customers, specifically intercepting visits to selected banking sites and performing hidden transactions while the customer is logged in. The Zeus variant detected by M86, dubbed Zbot/Zeus v3, currently triggers only a few virus filters. According to Zeustracker, a site which monitors Zeus command and control servers, the average detection rate for Zeus botnets is 43.5%.