Cleaning my RSS-feeds inboxes, I found this little gem called “The Reign of Zeus”, written back in May, ages ago on the internet security time scale, by Anup Ghosh:
Zeus is a game changer virus for the financial services industry, and perhaps its most pernicious computer-related threat. It specifically targets banking information by users and will defeat strong multi-factor authentication (MFA) methods used by banks including hardware tokens with one-time random passwords. A recent breakthrough in spreading Zeus via PDF files threatens to further the spread of Zeus.
Zeus is an example of the sophisticated crimeware now available to crime syndicates that are focused on illicit financial gains by capturing banking credentials. The toolkit is available for sale in underground markets and the Zeus author has even implemented sophisticated hardware licensing schemes to prevent piracy.
Not sure whether the “DRM is bad for the customer” mantra applies here.
Threat Level has an update on spear-phishing, based on data issued in Symantec’s MessageLabs Intelligence reports.