How the Zeus Botnet Cyberscam Works

A massive international cybercrime scheme that relied on Internet viruses to loot millions of dollars from U.S. and foreign bank accounts has been broken, federal law enforcement officials said. The crooks stole millions of dollars directly out of users bank accounts with the help of their own computers, through a malicious Trojan called the Zeus bot.

Here's how they pulled the scheme off.

The user's computer is infected during a visit to a site hosting the malicious code, or even through an advertisement running on an otherwise innocent site. For example, experts warned of recent scam to infect users of the social-networking site LinkedIn: After clicking a link users are redirected to an innocent-looking site that quietly installs the software, then takes the user somewhere harmless.

Once infected, the user is joined to the Zeus botnet, a network of zombie computes that criminals can readily use for a variety of purposes. Last year, Gary Warner, the director of computer forensics at the University of Alabama at Birmingham, called the Zeus bot America's most pervasive computer virus, reportedly infecting 3.6 million U.S. computers. There are several botnets of infected computers based on Zeus, experts say.

According to the FBI, Once the Zeus bot was engaged, the hackers could secretly monitor the victim's computer activity, enabling them to obtain bank account numbers, passwords and authentication information as the victim typed them into the infected computer.

More On This...

When the user accesses his or her bank Web site, the Trojan transfers the log-in ID, date of birth, and a security number back to a server that controls the network of zombified PCs. The system then maliciously employs the victim's computer against him, transferring the money to the bank accounts of so-called “money mules” -- typically innocent people recruited to use their own bank accounts to funnel money through.

Federal agents explained that individuals from eastern Europe who were already present in the U.S. or who were planning to go there on student visas were recruited to open hundreds of bank accounts so that money snatched from other bank accounts using stolen passwords could be transferred there, the Associated Press reported.

The mules usually kept about 8 to 10 percent of the stolen money for themselves before passing the rest along to other participants in the scheme, the FBI said.