Zbot Exploits MasterCard and Visa and Anti-fraud Programs

[Peaches]

Zbot Exploits MasterCard and Visa and Anti-fraud Programs

Users tricked by fake enrollment forms

Security researchers warn that a new Zbot trojan variant attempts to trick users into exposing their card details by mimicking the enrollment forms for the Verified by Visa and MasterCard SecureCode security programs.

Verified by Visa and MasterCard SecureCode are anti-fraud services, which prevent the abuse of stolen credit card details. They allow cardholders to generate an unique password, which is then required to successfully complete online credit card transactions.

Users can be prompted to opt-in and generate their unique secure codes, if they haven't already, while shopping on the websites of merchants participating in the programs. Unfortunately, this is exactly the type of behavior that cyber crooks behind a new Zbot variant are trying to take advantage of.

According to researchers from security vendor Trusteer, who analyzed this attack, the trojan injects a page masquerading as the official Verified by Visa and MasterCard SecureCode enrollment screens into the browser, when the users initiates a secure transaction. This page asks for a wealth of information, including Social Security number, card number, card expiration date, CVV2 code, ATM PIN, and the secure password required by the programs to serve as additional verification.

Details & screenshot - http://news.softpedi...ms-147684.shtml