A six-year-old Trojan malware virus nicknamed “Zeus” has been making a serious comeback on Facebook. The virus works by lying dormant on a user’s computer until they access an online bank account. It then springs into action, stealing the user’s password and draining their accounts. It can even replace a bank website with its own page to goad users into giving up even more personal information, like a social security number, which the scam artists can then sell on the black market.
The Zeus bug only affects PC users, and spreads through typical malware schemes like fake links encouraging users to click through to see an unusual video or post. The scam is suspected to originate with a Russian criminal syndicate known for illegal online activities including online theft and child pornography. Researchers from the security firm Trend Micro have noticed a steady increase in the Zeus bug’s effect on Facebook over the past year, and its reach even peaked in May. Eric Feinberg, founder online security advocacy group Fans Against Kounterfeit Enterprise, has notified Facebook about the threat posed by these scam links and fake pages, though he claims that Facebook has not done enough to address the issue.
“If you really want to hack someone, the easiest place to start is a fake Facebook profile– it’s so simple, it’s stupid,” he said. “They’re not listening. We need oversight on this.”
As insidious as these scams are, they can be easily avoided by never clicking on links that don’t originate from a trusted source. Facebook users should read all link URLs carefully before clicking to ensure that they’re legit. If something seems fishy, don’t click through it, and definitely don’t give personal information if prompted.