Authorities in the U.K.have reportedly arrested two people in connection with using a notorious Trojan in a scheme to steal online banking information.
The man and the woman, both 20, were arrested by the Metropolitan Police Service in Manchesterfor violating the 1990 Computer Misuse Act and the 2006 Fraud Act, according to police.
The duo is accused of using the Zeus Trojan, also known as Zbot, in a plot to steal information. According to the Metropolitan Police’s Central e-Crime Unit (PCeU), it is believed the Trojan was configured to record victim’s online bank account information and passwords, as well as credit card numbers and other information such as .
“The Zeus Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world,” said Detective Inspector Colin Wetherill of the PCeU, in a statement. “The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality.”
Zeus is widely available for purchase in the cyber-underground and is typically spammed out in e-mails. Earlier this year, Fortinet observed a surge of activity from the Trojan, and reported that the malware posted record detection levels for a single-day July 24. It went on to rank number two on Fortinet’s list of Top 10 malware during July 21 to Aug. 20.
Trend Micro reported a new spam campaign tied to Zeus earlier this month that prompted recipients to update their MySpace account. The link in the e-mail took users to a fake login page, and ultimately tried to trick users into downloading a supposed -MySpace Update Tool’ that was in fact the Trojan.
“Zbot is one of the most notorious pieces of malware of recent times,” blogged Graham Cluley, senior technology consultant at Sophos. “It’s a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.”