The battle between White Hats and cyber crime is far from over – and things are not looking terribly good for the White Hats. This is clearly shown by a Trojan horse known as Zeus. Now in its sixth year, Zeus is a programme cheerfully continuing to drain users’ bank accounts via Facebook.
This particularly nasty Trojan has apparently already infected millions of computers, predominantly in the US. This may be due to the fact that it is hidden on a highly popular page for NFL fans. On this page, fake profiles post links to Internet addresses that are controlled by the so-called Russian Business Network. The Russian Business Network, by the way, is a criminal gang specialising in online crimes, including child pornography and identity theft.
Once a computer has been compromised, Zeus will remain dormant until the unsuspecting victim logs into his/her bank website. It then proceeds to steal the user’s password and thereafter drains his/her bank account(s). On occasion, it has also been known to completely replace the bank’s official site with its own pages, which lets it collect additional information – such as, for instance, social security numbers – that can then be offered up for sale on the ever-thriving black market.
First detected as early as 2007, Zeus is far from being on the decline – in fact, activity seems to be increasing. According to Trend Micro researchers, incidents involving Zeus have steadily increased throughout this year, peaking significantly in May. The founder of advocacy group FAKE (Fans Against Kounterfeit Enterprise), Eric Feinberg, stated that he had noticed a definite upward trend in malicious links serving Zeus on popular Facebook NFL fan pages such as the one created by the ‘Bring the N.F.L. To Los Angeles’ group.
Noticing an increase in these pages – and the malicious links contained within them – Mr Feinberg submitted those links to security lab Malloy Labs, who confirmed that they were indeed serving Zeus. It was also confirmed that the malware is being hosted on computers controlled by the Russian Business Network.
On trying to alert Facebook – with increasing urgency – to this issue, Mr Feinberg and investigating reporters were directed to an earlier Facebook statement by a spokesman for the network. The statement essentially reminds users that Facebook actively scans for potential malware and offers users the opportunity to enlist in self-remedy procedures. These include the Scan-and-Repair service, which scans for and removes malware from users’ devices – an after-the-fact measure that, according to Mr Feinberg, is hardly enough to protect users. If Facebook values its users – and wishes to retain them – it may be time to take these issues a little more seriously.