
Notorious Zeus banking Trojan is gaining speed on Facebook

Malware known as Zeus, which can land on a user's computer and steal that user's bank account information, is "reemerging with a vengeance" and finding its way onto Facebook. One security firm believes Zeus' reemergence "peaked in May," but says it is still quite active.

An administrator of Facebook sports fan pages is so upset about it, he's made it his personal mission to try to get the social network to be more aggressive in dealing with Zeus, which has been a longtime threat to computer users, and in more recent years, to some smartphone users.

"Anybody can be anybody on Facebook, and that's what's wrong with this; there needs to be a vetting process" of those who are allowed to sign up for the social network and post links to other websites, the administrator, Eric Feinberg, told NBC News.

The average person, he says, "doesn't know" how to look for such problem links, and he contends there are too many links on the site posted by criminals that can lead to downloads of Zeus, or to buying counterfeit goods.

Feinberg, a New York marketing professional, started a website, FAKE (Fans Against Kounterfeit Enterprise), to raise awareness of the issue.

Zeus installs itself on a user's computer then lurks, lying in wait. When a user logs on to a banking website, Zeus moves into action, capturing the bank account's username, password and routing information, and any other personal financial information it can locate.

"The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year," wrote Jay Yaneza of Trend Micro, on the security company's blog.

Yaneza said Zeus "surged in the beginning of February," and "peaked during the middle of May."

Feinberg, working with a security expert, Ian Malloy, and others in online "white hat" hacker groups, said they noticed that many of the problem links on Facebook had ".tk" extensions, signifying the websites' country code as Tokelau, a South Pacific territory, and a domain used by some Eastern European and Russian cybercriminals.

Frederic Wolens, of Facebook Policy Communications, told NBC News that users should always be "careful with suspicious links and always check the domain," saying that users should be aware that a link to a site like "www.Facebook.scarysite.tk is not Facebook," for example, and that they should not click on such links.
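The domain check Wolens describes can be automated. The following is an added example, not part of the original article or any Facebook tooling: it finds the registrable domain of a link and flags hosts that merely contain a brand name. The small suffix set and the brand-to-domain table are constructed assumptions standing in for the full Public Suffix List and a real allowlist.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tiny constructed set standing in for the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "tk", "co.uk"}
# Assumption: brand keyword -> registrable domains that brand actually owns.
BRANDS = {"facebook": {"facebook.com"}}


def registrable_domain(host):
    """Return the one label left of the longest matching public suffix, plus the suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:                    # host is itself a bare suffix
                return None
            return ".".join(labels[i - 1:])
    return None                           # suffix not in our (constructed) list


def check_link(url):
    """Classify a link as official, impersonation, unrelated or unparsed."""
    # Links are often pasted without a scheme; add "//" so the host is parsed as a host.
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "//" + url
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain is None:
        return host, "unparsed"
    for brand, owned in BRANDS.items():
        if domain in owned:
            return domain, "official"
        # Brand name appears somewhere in a host the brand does not own.
        if brand in host:
            return domain, "impersonation"
    return domain, "unrelated"


if __name__ == "__main__":
    # Constructed sample links; the first is the example quoted in the article.
    for link in ("www.Facebook.scarysite.tk",
                 "https://www.facebook.com/somepage",
                 "http://example.org/"):
        print(link, "->", check_link(link))
```

Only the rightmost labels decide who controls a host, which is why the article's example resolves to `scarysite.tk` even though "Facebook" appears earlier in the name.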

Zeus itself, Wolens said, "can be found across the Internet, including on Facebook ... if Zeus is spreading using malicious links, these of course can crop up on Facebook." Users can also take advantage of the social network's Scan-and-Repair malware scan.

Still, Zeus is pernicious, and Facebook is a natural destination because the network has so many users.

"Old threats like [Zeus] can always make a comeback because cybercriminals profit from these," Trend Micro's Yaneza wrote. "Peddling stolen banking and other personal information from users is a lucrative business in the underground market. Plus, these crooks can use your login credentials to initiate transactions in your account without your consent."

That's why it's important to be careful in "opening email messages or clicking links," he said. "Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security releases from security vendors and install trusted anti-malware protection."
