Zeus, the number one botnet and also known as a banking Trojan, has infected over 3.6 million PCs in the United States alone, presenting a serious threat to financial institutions.
Zeus is composed of thousands of compromised computers that target banks and financial institutions to steal credentials. Once the account credentials are stolen from a bank, they are sent to a remote server where hackers can use them to log into the victims’ online banking accounts.
Zeus attacks computers through online services such as social networks, FTP accounts, email accounts and online banking. The Zeus Trojan commonly goes by aliases such as NTOS, PRG, WSNPOEM and Zbot. Some of these names come from executable files that are found on systems infected with Zeus. Many of the executables have been identified by the file names PPnn.exe, ntos.exe, ld12.exe, ld08.exe, pp08.exe and pp06.exe.
What makes Zeus so dangerous is its ability to evade many antivirus applications. This is in part the reason Zeus is rated as the #1 botnet in the U.S. When put up against the other top 10 botnets in the U.S., such as Koobface and Conficker, Zeus still comes out on top. Zeus is able to go undetected by many antivirus programs due to its ability to morph. Security firm Trusteer released a report on Zeus’s effectiveness based on its field figures for financial malware distribution. The report reveals that, out of all of the financially motivated parasites currently detected, Zeus makes up 44% of the population.
Many hackers and thieves use bank-heist Trojans such as Zeus to obtain login credentials. Zeus is the weapon of choice mainly for its ability to go virtually undetected and to overcome the authentication or security measures put in place. One incident that highlights Zeus’s ability to foil security involved an account manager using two-factor security to log into their account. This type of security method requires the use of a one-time six-digit password code that is issued by a small electronic device every 30 or 60 seconds. Because the system used for the banking transaction was already infected with Zeus, it did not matter that such a security measure was being used. When the user authenticated the information, the Trojan did the same thing. Basically, Zeus was able to perform transactions on the infected computer without having to know the credentials.
Zeus continues to spread mainly through spam messages that claim to be a Microsoft Outlook update. Computer users are urged to keep all software up to date, despite the fact that Zeus is able to evade many antivirus applications. You have to wonder: do attackers who use Zeus to steal banking credentials have an unfair advantage over makers of antivirus applications and online banking security infrastructures?