Do not Allow Internet Browsers or Security Programs Save Passwords
What a great idea! The browser can save the password and I won’t have to remember all the different passwords I have for different sites!
What seems like a good thing really isn’t. If your computer is infected by an advanced threat, like the ZeuS Banking Trojan, one thing they do is look for your stored passwords and send them to the malware control server.
This is just not your passwords stored by IE or Firefox, but also passwords stored by “Internet Security Programs” that are supposed to save and protect your passwords.
The best bet is to never allow your internet browser (or security program) save passwords for you.
So what can you do if you have already told your browser to save your passwords? In Internet Explorer go to “Safety”, then “Delete Browsing History”. You will see a screen like the one above. Just make sure “Passwords” is checked and then hit delete.
In Firefox go to “Tools”, “Options”, “Security”, “Saved Passwords” and “Delete all”. That should do it.
If you are interested in learning more about the current version of ZeuS and what it can do, check out Secureworks Threat Analysis.