Jump to content

Zeus (malware)

From Wikipedia, the free encyclopedia
(Redirected fromZeus (Trojan horse))
"Zbot" redirects here. For the action figures, seeZbots.
Not to be confused withGameover ZeuS.

Zeusis aTrojan horsemalwarepackage that runs on versions ofMicrosoft Windows.It is often used to stealbanking informationbyman-in-the-browserkeystroke loggingandform grabbing.[1]Zeus is spread mainly throughdrive-by downloadsandphishingschemes. First identified in July 2007 when it was used to steal information from theUnited States Department of Transportation,[2]it became more widespread in March 2009. In June 2009 security companyPrevxdiscovered that Zeus had compromised over 74,000FTPaccounts on websites of such companies as theBank of America,NASA,Monster.com,ABC,Oracle,Play.com,Cisco,Amazon,andBusinessWeek.[3]Similarly toKoobface,Zeus has also been used to trick victims oftechnical support scamsinto giving thescam artistsmoney through pop-up messages that claim the user has avirus,when in reality they might have no viruses at all. The scammers may use programs such asCommand promptorEvent viewerto make the user believe that their computer is infected.[4]

Detection[edit]

Zeus is very difficult to detect even with up-to-date antivirus and other security software as it hides itself usingstealth techniques.[5]It is considered that this is the primary reason why the Zeus malware has become the largest botnet on the Internet:Damballaestimated that the malware infected 3.6 millionPCsin the U.S. in 2009.[6]Security experts are advising that businesses continue to offer training to users to teach them to not to click on hostile or suspicious links in emails or Web sites, and to keepantivirus protectionup to date. Antivirus software does not claim to reliably prevent infection; for example Symantec's Browser Protection says that it can prevent "some infection attempts".[7]

FBI crackdown[edit]

FBI:The Zeus Fraud Scheme

In October 2010 the USFBIannounced that hackers inEastern Europehad managed to infect computers around the world using Zeus.[8]The virus was distributed in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the trojan software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log into online banking accounts.

The hackers then used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network ofmoney mules,paid a commission. Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and false names. Once the money was in the accounts, the mules would either wire it back to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country.[9]

More than 100 people were arrested on charges of conspiracy to commitbank fraudandmoney laundering,over 90 in the US, and the others in theUKandUkraine.[10]Members of the ring had stolen $70 million.

In 2013Hamza Bendelladj,known as Bx1 online, was arrested in Thailand[11]and deported toAtlanta, Georgia,USA. Early reports said that he was the mastermind behind ZeuS. He was accused of operatingSpyEye(a bot functionally similar to ZeuS) botnets, and suspected of also operating ZeuS botnets. He was charged with several counts of wire fraud and computer fraud and abuse.[12]Court papers allege that from 2009 to 2011 Bendelladj and others "developed, marketed, and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information". It was also alleged that Bendelladj advertised SpyEye on Internet forums devoted to cyber- and other crimes and operated Command and Control servers.[13]The charges in Georgia relate only to SpyEye, as a SpyEye botnet control server was based in Atlanta.

Possible retirement of creator[edit]

In late 2010, a number of Internet security vendors includingMcAfeeandInternet Identityclaimed that the creator of Zeus had said that he was retiring and had given thesource codeand rights to sell Zeus to his biggest competitor, the creator of theSpyEye trojan.However, those same experts warned the retirement was a ruse and expect the developer to return with new tricks.[14][15]

See also[edit]

References[edit]

  1. ^Abrams, Lawrence."CryptoLocker Ransomware Information Guide and FAQ".Bleeping Computer.Retrieved25 October2013.
  2. ^Jim Finkle (17 July 2007)."Hackers steal U.S. government, corporate data from PCs".Reuters.Retrieved17 November2009.
  3. ^Steve Ragan (29 June 2009)."ZBot data dump discovered with over 74,000 FTP credentials".The Tech Herald.Archived fromthe originalon 25 November 2009.Retrieved17 November2009.
  4. ^"How to Recognize a Fake Virus Warning".Retrieved28 July2016.
  5. ^"ZeuS Banking Trojan Report".Dell SecuWorks. 10 March 2010.Retrieved2 March2016.
  6. ^"The Hunt for the Financial Industry's Most-Wanted Hacker".Bloomberg.Bloomberg Business. 18 June 2015.Retrieved2 March2016.
  7. ^"Trojan.Zbot".Symantec.Archived fromthe originalon 30 January 2010.Retrieved19 February2010.
  8. ^"Cyber Banking Fraud".The Federal Bureau of Investigation.Retrieved2 March2016.
  9. ^FBI (1 October 2010)."CYBER BANKING FRAUD Global Partnerships Lead to Major Arrests".Archived fromthe originalon 3 October 2010.Retrieved2 October2010.
  10. ^BBC (1 October 2010)."More than 100 arrests, as FBI uncovers cyber crime ring".BBC News.Retrieved2 October2010.
  11. ^Al Jazeera (21 September 2015)."Hamza Bendelladj: Is the Algerian hacker a hero?".AJE News.Retrieved21 March2016.
  12. ^Zetter, Kim."Alleged 'SpyEye' Botmaster Ends Up in America, Handcuffs, Kim Zetter, Wired, 3 May 2013".Wired.Wired.com.Retrieved30 January2014.
  13. ^"Alleged" SpyEye "mastermind extradited to US, Lisa Vaas, 7 May 2013, Sophos nakedsecurity".Nakedsecurity.sophos.com. 7 May 2013.Retrieved30 January2014.
  14. ^Diane Bartz (29 October 2010)."Top hacker" retires "; experts brace for his return".Reuters.Retrieved16 December2010.
  15. ^Internet Identity (6 December 2010)."Growth in Social Networking, Mobile and Infrastructure Attacks Threaten Corporate Security in 2011".Yahoo! Finance.Retrieved16 December2010.

External links[edit]

Wikinews has related news:
Retrieved from "https://en.wikipedia.org/w/index.php?title=Zeus_(malware)&oldid=1221434363"