
UK police notified of ongoing Zeus mobile attacks

A dangerous variant of Zeus is still intercepting one-time passcodes sent by text message

By Jeremy Kirk, IDG News Service
September 29, 2010 09:30 AM ET


The mobile Zeus malware can infect Symbian Series 60 devices or BlackBerries. The iPhone is so far not affected. Interestingly, the mobile Zeus malware application had a signed certificate that was obtained by a company registered in Azerbaijan, Lovet said. Symbian has not revealed the name of the company.

If an application has a certificate, it is usually allowed to be downloaded by a device. Companies are usually required to send information that authenticates them as legitimate developers, but rogue ones may submit fake information in order to get a certificate, Lovet said.

Then bad applications may get through to application stores. "It seems they don't really have the time or the resources to really check each and every single application that is submitted," Lovet said.

The domain name that was used to host the mobile Zeus has since been shut down. However, when it was live, the domain used fast-flux, a technique that allows the domain to be hosted on a rotating selection of IP addresses, Lovet said. That can make it more difficult to block.

As banks increasingly look to mobile banking systems, the latest Zeus development is concerning, Lovet said. If banks allow people to execute transactions solely on their mobile phones, which could be infected with malware, sending a one-time passcode to that same device won't work.

"It makes sense as long as two-factor authentication goes through two different physical paths but if the physical path is the same for the two factors, it doesn't make any sense," Lovet said.

Send news tips and comments to jeremy_kirk@idg.com
