Stop Fraud

The Zeus Trojan

It's called Zeus. It's a dangerous program among a class of malware called Trojans. A Trojan is a program that masquerades as something else. It is commonly delivered to unsuspecting victims through email attachments sent in phishing attacks or through fake websites. Recent estimates put the number of infected computers at over 3 million.

What Makes It So Dangerous

This malware is dangerous for many reasons. First, because it changes so often, the majority of virus scanners cannot detect it reliably at this time. Second, the program "recognizes" many home banking sites. That is, it detects when a user's browser has requested a page from a home banking site. In extreme cases, it will wait until the user has completely logged into his or her account. Then, it will launch a web page that looks like this:

The page might contain LFCU identifiers or not. It will probably appear to have a valid LFCU address or URL, but the page is actually contained on the user's own computer, and is being inserted into the browser by the malware. Unfortunately, by the time you see the page, the damage has already been done. The malware has observed your login, and has likely stolen your login information already.

What Should I Do?

You should take immediate steps to protect yourself. Among the actions you should consider are the following:

  • Close your browser, and turn off your computer immediately.
  • Call the Contact Center. Tell the representative that you suspect your computer has been infected with the Zeus Trojan, and you need your L@ngley Link password changed immediately.
  • If the Contact Center representative does not offer to reset your Safe2Connect Challenge Questions, ask that they also be reset.
  • Monitor your account closely for suspicious activity.
  • At this time, the National Association of Credit Union Information Technology Professionals (CUISPA) is recommending that the hard disks of affected computers be completely replaced or reformatted, and software installed fresh from original disks. If you have a recent backup of your system, do not use it, since the Trojan program might have been backed up as well.

How Can I Protect Myself?

Clearly, L@ngley Link does not use this kind of confirmation, and never will. Not filling out the form is a good first step.

There's no substitute for safe computing practices, such as the following:

  • Do not open email attachments sent by strangers. Do not accept files you did not ask for.
  • Most anti-virus programs today also check for malware, and although some cannot detect this Trojan now, some might, and more likely will, as more is learned about the malware. Keep your anti-virus or spyware detector up-to-date, and scan all your hard drives frequently and regularly.
  • Establish a firewall on your computer.
  • Allow your operating system — Windows, Mac OS, or Linux — to automatically update itself. If you use browser add-ons like Flash or Acrobat, allow those applications to install fixes when suggested.
  • Create strong passwords and change them on a regular basis.

L@ngley Link provides enhanced security through "multi-factor authentication" (MFA), which we call Safe2Connect. MFA is activated when you register the computer you're using with L@ngley Link. Registration involves placing a secure "cookie" — a simple data file — on your computer. Registering your computer in this way adds another barrier to a thief who might successfully steal your member number and password. The Safe2Connect cookie is useless on the thief's computer, even if he can steal it. The thief will be forced to answer one of your Safe2Connect Challenge Questions, which is why your Challenge Questions and Answers should be hard to guess.