In case you needed further evidence that the White Hats are losing the war on cybercrime, a 6-year-old so-called Trojan horse program that drains bank accounts is alive and well on Facebook.
Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim's passwords and drains the victim's accounts. In some cases, it can even replace a bank's website with its own page, in order to get even more information — such as a Social Security number — that can be sold on the black market.
The Trojan, which was first detected in 2007, is only getting more active. According to researchers at the security firm Trend Micro, incidents of Zeus have risen steadily this year and peaked in May. Eric Feinberg, founder of the advocacy group Fans Against Kounterfeit Enterprise (FAKE), has noticed an uptick in Zeus-serving malicious links on popular NFL Facebook fan pages such as one created by a group called "Bring the NFL To Los Angeles."
Feinberg said he had noticed an increase in such pages and malicious links in recent weeks. He sent those links to Malloy Labs, a security lab, which confirmed that the links on these pages were serving up Zeus malware. The malware was being hosted from computers known to be controlled by a Russian criminal gang known as the Russian Business Network.
Feinberg said he has tried to alert Facebook officials to the problem, with increased urgency, but wasn't satisfied with their response. A Facebook spokesman directed this reporter to a previous Facebook statement reminding users that it actively scans for malware and offering users the opportunity to enroll in self-remediation procedures such as a "Scan-And-Repair malware scan" that can scan for and remove malware from their devices.