Is the Zeus Trojan Truly the High God of All Malware?


Secret bank accounts. Money transferred off-shore with the help of money mules. Millions of dollars in losses because of a single computer file. It sounds like the plot of a hot new movie or a popular espionage novel, doesn't it? Unfortunately, it's the backstory of the Zeus Trojan program: more than sixty people have been charged in the United States, along with 11 EU citizens. Authorities have also suggested that nearly $200 million has been stolen in connection with this malware since 2006, making it one of the most serious cases in cybercrime history anywhere in the world.

Understanding the Program

The program's primary goal is to steal your banking information. That gives its operators instant access to your account, and from there the "Zeus Gang," as they're called, can transfer your money into an account they've previously opened and eventually move it off-shore, where they collect the full amount in cash.

The Zeus Trojan was first discovered almost three years ago on a computer within the United States Department of Transportation, where it was stealing quite a bit of information. It really gained traction throughout 2009. By June of that year, Prevx, a computer security company, found that nearly 74,000 FTP accounts had been infiltrated on major websites. Among them were names like Amazon, Bank of America, and even ABC News.

The numbers on this problem have only grown from there. Some security experts have estimated that there are 3.6 million compromised computers in the United States alone, and by the end of last year Zeus had sent more than 1.5 million messages on the popular social networking site Facebook to help propagate itself. Facebook hasn't been the only name used in phishing emails, either: nine million phishing emails have been sent out under the guise of Verizon Wireless. This year, even banking credit cards have been infiltrated, which only adds to the concern.

The most recent outbreak has been dubbed Kneber, and it targets a variety of bank and credit card websites. It collects logins for financial services, but also for email accounts and social networks; among the top sites targeted are Facebook, Yahoo, and Hi5. Home, corporate, and government machines have been and continue to be targeted, and all of them run the Windows operating system. For the most part, machines running Windows XP Professional Service Pack 2 are under attack, but any Windows user could be a target.

Computers in close to two hundred different countries have been targeted. Egypt, the US, Mexico, Saudi Arabia, and Turkey make up the top five, and there are few countries around the world that haven't found at least a few infected machines.

One of the biggest problems is the availability of this program. Because it's sold on the black market for less than four thousand US dollars, nearly any unsavory character can start a Zeus gang, and officials have suggested there are currently more than a dozen of them at work across the world.

In addition to being so readily available, the program can also stay hidden for several months, so an extensive amount of data can be stolen well before the Trojan is discovered.

Moving the Money

Stealing the keystrokes is only part of the game here. The money mules play a huge role too. These are individuals who are paid a share of the profits, anywhere from seven to ten percent, to open a number of different bank accounts. The stolen funds are first deposited into those accounts, and the money is then moved out of the country through any one of a number of popular wire services.

In the United States, for example, these individuals are recruited from a variety of countries, including those in Eastern Europe, and they enter the U.S. on what's called a J-1 visa, a non-immigrant visa typically offered to students and similar individuals. Once in the United States, the money mules obtain fake passports, take those documents to various banks, and open a number of different accounts.

Once the Zeus Trojan logs the credentials, the victim's bank account is accessed and money is transferred to a money mule's account. The mule quickly moves that money on before the fraud can be noticed and wires it elsewhere, in most cases in increments of up to ten thousand dollars at a time. The biggest risk for these individuals comes when they withdraw the cash: because a wire transfer leaves a trail, the funds must be taken out in cash, and at the teller window or even an ATM they're picked up on the institution's surveillance cameras.

Detecting and Removing the Program

One of the primary problems with this particular program is that over the past three years it has taken a number of different forms and can arrive in a variety of ways. While it often comes in as a Trojan, it can also creep in through a fake email or a spam link. For example, many have picked up the Zeus Trojan after receiving an email that looked to be from the popular business networking site LinkedIn. Inside the email is what appears to be a confirmation link. Once you click it, you're automatically taken to a page that says "Please Waiting . . . .4 Seconds." From there you're forwarded to Google, but it's during those few seconds that Zeus installs itself on the system, and from then on every single one of your keystrokes is logged until the program is removed. From what looks like a harmless email from LinkedIn to something that looks like a Twitter link, it's difficult to tell what form it will take next.
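A mail-side check for the lure pattern just described: a message that claims to come from LinkedIn (or Twitter) while its "confirmation" link points at a host the brand does not own. This is an added example, not code from the article; the brand host lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Brands the article names as lure disguises, mapped to hosts those brands
# actually use (the host lists are an assumption made for this example).
BRAND_HOSTS = {
    "linkedin": ("linkedin.com",),
    "twitter": ("twitter.com", "t.co"),
}
HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def host_belongs_to(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def html_bodies(msg):
    """Yield decoded text/html parts; walk() yields a non-multipart message itself."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            yield part.get_payload(decode=True).decode("utf-8", "replace")


def suspicious_links(raw_email):
    """Return (brand, href) pairs where the From header or the anchor text claims
    a brand but the link's host does not belong to that brand."""
    msg = message_from_string(raw_email)
    sender = (msg.get("From") or "").lower()
    hits = []
    for body in html_bodies(msg):
        for href, text in HREF_RE.findall(body):
            host = urlparse(href).hostname or ""
            claimed = sender + " " + text.lower()
            for brand, hosts in BRAND_HOSTS.items():
                if brand in claimed and not host_belongs_to(host, hosts):
                    hits.append((brand, href))
    return hits


# Constructed sample resembling the lure in the article: it looks like a
# LinkedIn invitation, but the confirmation link goes to an unrelated host.
SAMPLE_LURE = """From: LinkedIn <invitations@linkedin.com>
Subject: Please confirm your invitation
Content-Type: text/html

<html><body><p>You have a new invitation.</p>
<a href="http://redirect.example.invalid/wait.php?s=4">Confirm invitation</a>
</body></html>
"""
```

Run `suspicious_links(SAMPLE_LURE)` to see the mismatched link flagged; a message whose link really points at linkedin.com returns an empty list.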

The other real problem is the sheer number of variants. Many security experts have suggested that no modern program, even the most reliable, can keep up with them, and while it is certainly possible to remove some of them through constant updates and scans, there's real concern about what this Trojan has been able to do.

To this point, variants have included Infostealer.Banker.C, Trojan Wsnpoem, Packed.Generic.232, Trojan-Spy, TSpy_Zbot.CRM, and TSPY_ZBOT.CQJ. Additional variants are regularly discovered, though, so this is far from a comprehensive list.

The best way to detect and remove the program remains updated antivirus software with a reliable scanner, but with new variants being constantly developed, it may be difficult to completely protect your machine from this kind of threat.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.