The Zeus Trojan: How Online Retailers Can Protect Themselves From the Latest Malware Threat
Online retailers are sadly familiar with the risks posed by malware attacks. In recent years, fraudsters have targeted e-commerce providers with malware designed to deliver access to customer data and other restricted information. Now, cybercriminals are ramping up their attacks with new variants of the Zeus Trojan — advanced malware that allows criminals to seamlessly intercept customer data at the time of checkout.
Whether you're a major brand retailer or a small e-commerce provider, the latest generation of malware threats against online retailers needs to be taken seriously. More than ever before, you need to know how to protect your company and your customers from Zeus and other advanced malware attacks.
Zeus and the Latest Wave of Malware Threats
Cybercriminals are constantly looking for new ways to access customer data. They routinely adapt malware to circumvent automatic detection protocols. The latest variant of the Zeus Trojan is particularly insidious because it lurks in the shadows, allowing an online retailer's website to appear to be functioning normally. Once the victim logs in, the Zeus Trojan springs to life and attempts to capture their protected data.
In a recent attack against a major department store brand, Zeus triggered a pop-up window that appeared at checkout, asking customers to re-enter their loyalty card information. Since the prompt appeared after customers accessed the retailer's website, most didn't recognize it as a fraudulent threat and willingly submitted their loyalty card information to cybercriminals.
For online retailers, the real danger is that the Zeus’ bogus pages and information requests appear to be legitimate. In some instances, Zeus attacks are even personalized with the victim's name, deepening the illusion that the action is an authentic request from the retailer.
Best Practices for Online Retailers
Staying on top of the latest malware threats isn't easy, not even for highly informed online retailers. There are several things you can do to protect your business from Zeus and other advanced malware threats. Consider the following best practices:
1. Customer education: One of the best ways to protect customers from the latest variants of the Zeus Trojan and other online attacks is to educate them about the ways cybercriminals use malware to access personal information. For example, if you find that customer loyalty data is being targeted by fraudsters, leverage on-site messaging to inform customers that your company will never require them to resubmit their information via a pop-up.
2. Software patches: Frequent software updates can also protect businesses from Zeus and other types of malware. Sophisticated malware attacks often gain access to systems by exploiting security vulnerabilities in common software solutions (e.g., Windows, Java, Adobe, etc.). To ensure the integrity of your system, make sure that all devices and access points have been updated with the most recent security patches.
3. Layered security: As always, online retailers need to adopt a layered security approach that includes advanced device identification and malware detection features. In addition to basic user name and password authentication, the system needs to be capable of detecting behavioral anomalies, compromised devices and other threats.
Unfortunately, Zeus is only the tip of the iceberg. Going forward, the threat malware poses to online retailers is likely to become more even more intense. Although it's impossible to achieve total security, online retailers can dramatically reduce the incidence and consequences of malware attacks through diligence and the consistent application of best practices.
Andreas Baumhof is the chief technology officer of ThreatMetrix. Andreas can be reached at abaumhof@threatmetrix.com.
