Zeus Hackers Exploit Two-Factor Authentication

During the past twelve months, malicious software known as 'Eurograbber' was apparently used to steal $47 million in Europe alone. According to reports, the software took advantage of a popular security measure.

The security researchers who discovered Eurograbber are now warning Internet users that the malware could easily spread from Europe to the rest of the world. (Source: checkpoint.com)

Eurograbber is a modified form of a previously known botnet called 'Zeus.' A botnet is a network of computers controlled by malicious software under the direction of a particular individual or gang of cyber criminals.

In its early stages of infection, Eurograbber works like a traditional Trojan horse: the victim is tricked into clicking a bogus link, often disguised in what appears to be a legitimate email. Clicking this link invisibly orders the computer to install the malicious software.

The next time the victim uses the infected computer to visit their banking website, for example, the malware kicks into action by asking the user to type in their cellphone number.

Two-Factor Authentication: From Help To Hindrance

Getting the phone number is key because Eurograbber takes advantage of two-factor authentication: the term for any system in which a user must provide two separate pieces of identification rather than just a password.

In most two-factor systems, the user first types in a password and then offers an additional secret piece of information, often one that simply echoes a passcode the two-factor system has just sent to the user's cellphone.

Many secure websites use a two-factor authentication system because they make it harder for a hacker to gain access without permission -- even if they have the password.

Eurograbber effectively exploits this approach, because once the victim hands over their cellphone number, the malware offers what it says is a banking software security update.

In actual fact, however, the scammers have just sent a rogue piece of software to the victim's cellphone.

The next time the victim responds to that two-factor authentication requirement, the malware on their phone intercepts the passcode message from the bank.

Grabbing that passcode allows the scammers access to the account, from which they can siphon off money or do other damage.

$300,000+ Taken In Single Attack

Security researchers say that individual thefts accomplished through Eurograbber have ranged in damage from $650 to $328,000. (Source: cnet.com)

The kind of attack is a perfect example of the way scammers can play the numbers game.

Sure, the scam relies on a victim jumping through many hoops: clicking the original bogus link, having a smartphone and handing over its number, agreeing to install the phony "phone security update," and subsequently logging in to the two-factor authentication system.

While only a small proportion of people will perform all of these necessary tasks (thereby allowing the Eurograbber system to gain secret access), the malware has spread widely enough that it still makes for a very lucrative scheme.