Microsoft Targets Zeus

Removal Tool Aimed at Stopping Trojan's Spread
Two weeks after authorities on two continents arrested cyber criminals linked to the Zeus malware, Microsoft has added the infamous Trojan's signature to one of its best removal tools in an effort to hunt down infected machines.

On Oct. 12, Microsoft began detecting Zeus with its Malicious Software Removal Tool, which is a widely used virus removal program that is free for Windows users.

The move will make it harder for cyber criminals who rely on Zeus to collect data to keep their software running on computers that have no antivirus software installed. Security experts see the move as a positive, as MSRT effectively stopped the Waledac botnet last month. Microsoft says in a blog that the malware, while technically sophisticated, is easy for hackers to deploy with automated toolkits.

About Zeus

The Zeus Trojan, also known as "Zbot," comes equipped with malware aimed at stealing online banking credentials and accessing bank accounts to transfer money. In the last three years, Zbot has become famous as the root cause of corporate account takeovers of businesses, churches, municipal governments and public school districts, stealing millions from their accounts.

How it works: When installed on a victim's computer, Zbot creates a backdoor that enables access to the computer's operating system, and also disables certain security software.

Zbot effectively turns the infected computer into a bot that spreads Zeus to other computers through various attacks, including spam, drive-by-downloads and other malware.

Microsoft said in a blog post that while the banking malware is technically sophisticated, the distribution method is easy for hackers to deploy with automated toolkits.

New, Improved Malware

Even with the addition of Zeus to MSRT's list, don't expect the flow and variants of malware to stop immediately, say experts.

"There are lots of malware writers out there, and they saw the main Zeus author earn about $15 million in commissions from Zeus license rights," says Avivah Litan, a security expert at Gartner. She says the malware writers figure it's easy money for them too and are coming up with better, improved malware versions.

There are also attacks that redirect all user traffic to their bank through the fraudsters' proxy servers. Litan says security professionals won't see an end any time soon to innovation in malware and attack methods going after ACH and wire transfers.


About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



