First identified in 2007, the Zeus trojan continues to cause problems — in fact your own machine may be infected with it. Tech reporter Robert McGarvey details this malware’s staying power.
Two facts have made Zeus both persistent and pervasive.
Fact One: It is entirely about the money. Zeus is a key logger that wakes up only when a user of an infected machine visits a financial site. It keeps its activity to a minimum and that makes it hard to notice.
Fact Two: “Every version of Zeus is different,” said Krebs, and this is because this malware is effectively open source. Any bad guy can download it, and customization kits are for sale to up its larceny. The upshot is that Zeus’ digital fingerprints keep changing, making it difficult for antivirus (AV) software to recognize it. It actually is “fairly easy to get rid of Zeus once it is detected,” said Kevin McNamee, security architect at network security firm Kindsight.
It is just terribly hard to identify it.
“Way over 20 million computers have been infected by Zeus,” said Lance James, an executive at security firm Vigilant and himself one of the first to detect Zeus. “It is the king of malware.”
Because antivirus tools generally don’t work against it, IT is forced to fight a different battle with Zeus. Probably the best starting place in this ongoing battle, suggested Krebs, is user education. That is because the primary means of infection is social engineering: an email from the “IRS” arrives, demanding the recipient immediately click through to verify some fact. Do that, or click on the link in the email about unpaid New York City parking tickets or student loans that have gone into default, and Zeus will download a small chunk of code that, and here’s the genius, does absolutely nothing. It rings no warning bells, sets off no alarms, raises no AV eyebrows.
Read the rest about the Zeus trojan at eSecurity Planet.