Zeus trojan adds fake investment adverts

The Zeus trojan toolkit has added a new armament to its weapons of mass deception; advertising. Trusteer has reportedly found a new configuration of the fraudsters digital toolkit which injects banner advertisements offering high rates of interest, from 7 to 32 per cent per day, into Google and Bing pages.

An example of the fraudulent banners injected, in this case, onto Bing
Source: Trusteer

Those adverts linked to a site at http://ursinvestment.com/ which allowed people to "open" investment accounts and wire transfer money to the fake company. The URS Investment pages are no longer online, but the IP address of the site, as reported by Trusteer (178.18.243.227), is host to pages of a similarly dubious nature which are fake versions of a legitimate company's web presence. For example, a "Trustwave" logo on the page, when clicked for verifications, appears to show the site is trusted but on closer examination, is showing the verification status for the US online retailer NewEgg.

The trojan configuration also targeted sites such as Forbes and Yahoo Finance, injecting fake articles into pages suggesting the sites were partnered with "URS Investments" and were recommended by Forbes and Yahoo and offer links to sign up with the site. Other sites which are targeted by the trojan's configuration include AOL, Amazon, Apple, CNN, Citibank and ESPN. The sophistication of the fraud makes it harder for users to detect when a site is fraudulent, but the old rule of "when something is too good to be true, it's too good to be true" still holds, especially when someone is offering to double your money in a week.

(djwm)