Wednesday, April 11, 2012

Zeus Trojan Hits Ceridian Canada

This security threat takes the Paychoice breach from a few years back to a new level. A first look has similarities, but that is where it stops. The method being used to violate Ceridian's image based authentication is creative, and effective.

Trusteer researchers have captured a Zeus configuration that targets Ceridian, a Canadian human resources and payroll solutions provider. In this attack, Zeus captures a screenshot of a Ceridian payroll services web page when a corporate user whose machine is infected with the Trojan visits this website. This allows Zeus to steal the user id, password, company number and the icon selected by the user for the image-based authentication system.

No comments:

Post a Comment