Just out of curiosity . Would Zeus work if you did the online banking in a secure virtual machine instance while it is on the host PC?
Not if you use a guest account or a restricted acc., it relies on administrator access for a XSRF browser attack. It can also target executable desktop banking clients.
The newer versions are much more advanced & sell for up to 200,000 rubles ($8k US dollars), over twice as much as a year ago.
Those can capture the entire desktop feed (like teamviewer etc.) and when you're logged in after using a one-time PIN, it hooks the mouse API making it freeze & gives attacker time to transfer out all the cash.
If the bank uses double confirmation (additional random one-time PIN sheet to confirm payment), the attack can't be executed. Most banks don't use double confirmation. Credit Suisse, Nordea, Banque de France are some banks that use d.c.
Also if the client gets suspicious and reboots the machine, the attack fails.
If the bank requires phone verification for large (or sudden multiple) transfers, the attack also becomes impossible.
