The Pocket-Picking Facebook Malware That No One Knows How To Stop

The Pocket-Picking Facebook Malware That No One Knows How To Stop

A particularly nasty breed of malware is raiding people’s Facebook profiles and emptying their bank accounts. Its name is Zeus, and, yes, it is all powerful. Because despite the fact that this money-grubbing, Likejacking malware has been around for years stealing both private and government data, cybersecurity experts are still stumped about how to stop it.

The methods of Zeus malware are relatively simple. “Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States,” the New York TimesNicole Perlroth explains. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim’s passwords and drains the victim’s accounts. In some cases, it can even replace a bank’s website with its own dummy page, in order to get even more information that can be sold on the black market.’

So that’s basically all of the worst things that could happen to you in the event of a hack, all rolled into one piece of software that even the good hackers can’t crack. And when I said that this has been around for years, I didn’t mean, like, two of them. Zeus appeared online as early July 2007. It’s broken into everywhere from Amazon to NASA, stolen tens of millions of passwords and led to over 100 arrests in the United Kingdom and Eastern Europe. It’s even evolved after the source code leaked back in May of 2011, and a bunch of black hat hackers started retooling it for malicious purposes.

The really bad news about this global Zeus attack is that its gaining some momentum. In the first five months of this year, there was a steady rise in the number of attacks. Oh, actually, worse than that is the allegation that Facebook’s not doing anything to stop it. And that’s really bad since experts view Facebook as a — if not the — prime target for attacks. Hackers evidently prefer snatching up personal data via Facebook rather than try to break into the more robust security of credit card providers.


Because all your financial and personal info is probably there anyway. “If you really want to hack someone, the easiest place to start is a fake Facebook profile,” one advocate told The Times. “It’s so simple, it’s stupid.” [NYT]

Pictures: Deviant Art, Wikimedia