Fake Login Trojan

The Zeus Trojan

It's called Zeus. It's a dangerous program among a class of malware called Trojans. A Trojan is a program that masquerades as something else. It is commonly delivered to unsuspecting victims through email attachments sent in phishing attacks or through fake websites. Recent estimates put the number of infected computers at over 3 million.

What Makes It So Dangerous?

This malware is dangerous for many reasons. First, because it changes so often, the majority of virus scanners cannot detect it reliably at this time. Second, the program "recognizes" many home banking sites. That is, it detects when a user's browser has requested a page from a home banking site. In extreme cases, it will wait until the user has completely logged into his or her account. Then, it will launch a web page that looks like this:

Trojan Screen

The page might contain Achieva Credit Union identifiers or not. It will probably appear to have a valid Achieva Credit Union address or URL, but the page is actually contained on the user's own computer, and is being inserted into the browser by the malware. Unfortunately, by the time you see the page, the damage has already been done. The malware has observed your login, and has likely stolen your login information already.

What Should I Do?

You should take immediate steps to protect yourself. Among the actions you should consider are the following:

  • Close your browser, and turn off your computer immediately.
  • Call the Member Service Center. Tell the representative that you suspect your computer has been infected with the Zeus Trojan, and you need your Home Banking password changed immediately.
  • Monitor your account closely for suspicious activity.
  • At this time, the National Association of Credit Union Information Technology Professionals (CUISPA) is recommending that the hard disks of affected computers be completely replaced or reformatted, and software installed fresh from original disks. If you have a recent backup of your system, do not use it, since the Trojan program might have been backed up as well.

How Can I Protect Myself?

Clearly, Achieva Credit Union does not use this kind of confirmation, and never will. Not filling out the form is a good first step.

There's no substitute for safe computing practices, such as the following:

  • Do not open email attachments sent by strangers. Do not accept files you did not ask for.
  • Most anti-virus programs today also check for malware, and although some cannot detect this Trojan now, some might, and more likely will, as more is learned about the malware. Keep your anti-virus or spyware detector up-to-date, and scan all your hard drives frequently and regularly.
  • Establish a firewall on your computer.
  • Allow your operating system — Windows, Mac OS, or Linux — to automatically update itself. If you use browser add-ons like Flash or Acrobat, allow those applications to install fixes when suggested.
  • Create strong passwords and change them on a regular basis.

Achieva Credit Union provides enhanced security through "multi-factor authentication" (MFA), which we call Smart Shield. MFA is activated when you register for home banking the first time. When logging on, the thief will be forced to answer one of your Smart Shield Challenge Questions, which is why your Challenge Questions and Answers should be hard to guess. You also will always be able to confirm your Security Text Image when logging on. If at any time you don't get your Challenge Question or Security Text Image, don't continue to give any other personal information.