Malware Targets Nonbank Corporate Services

Security firm spots Zeus strain aimed at payroll services provider Ceridian.

As regulators push banks to adopt stronger measures to prevent fraudsters from breaching their customers’ online bank accounts, there are indications that designers of malware have turned their sights to softer targets, such as corporate payroll systems.

“They’re finding the weaker links,” says Avivah Litan, an analyst at Gartner. “Banks are spending a lot of money on preventive measures, and regulators have forced them to institute improvements. That’s not true for payroll providers.”

Fraudsters essentially take a shotgun approach, aiming to infect as many computers as possible in the hope one will be used by a key corporate executive such as a payroll administrator, allowing Zeus to steal his or her user ID, password, company number and the icon selected by the user for the image-based authentication system. The fraudsters can then open up fake accounts and have large sums transferred to them.

Last July, an employee with access to the online payroll accounts of the Metropolitan Entertainment & Convention Authority in Omaha, Neb., opened a malware-infected e-mail that stole the employee’s passwords and other key information and transferred $217,000 to “mule” accounts. The nonprofit had reportedly declined security measures offered by its bank, First National Bank of Omaha.
