Zeus botnet trojan horse is back
Saturday, April 24, 2010
Trusteer, a web security company, reports that a trojan horse virus called Zeus can steal online banking details from infected computers. The virus has infected one out of every 3,000 computers of the 5,500,000 million which the company monitors in the United States and the United Kingdom.
The trojan can infect users of Mozilla Firefox and Microsoft Internet Explorer on Microsoft Windows, and steals login information by recording keystrokes when the machine connects to certain websites, usually banks or other financial institutions. The stolen data is transmitted to a remote server and sold to cyber-criminals. "We expect this new version of Zeus to significantly increase fraud losses, since nearly 30% of Internet users bank online with Firefox and the infection is growing faster than we have ever seen before," said Amit Klein, chief technology officer at Trusteer, to BBC.
The trojan has also affected Wikinews users, including Brian McNeil, who is the founder of Wikinewsie, a restricted-access wiki used to collaborate on sensitive news reports. McNeil reported on his userspace: "On Saturday [April] 17, a Windows-based PC in the house issued a cry for help, the Avira package running on the system had just detected a piece of malware; full scans indicated several known pieces of malware and numerous hidden files. Additional scans revealed that all but one of the USB memory sticks and portable hard drives in the house were infected with something. The Zeus botnet, as it turned out." E-mail accounts for accredited reporters have also been affected.
Sources
- Janet Harris. "Trusteer detects new Zeus (Zbot) password stealing Trojan" — Trusteer, April 22, 2010
- "The ZeuS, ZBOT and Kneber Connection" — Trend Micro, 2010
- "Zeus banking virus is back warns security firm" — BBC News Online, April 21, 2010
- "Web hit by hi-tech crime wave" — BBC News Online, April 20, 2010
- "Infected XP owners left unpatched" — BBC News Online, April 16, 2010
- "ZeuS: 'A Virus Known as Botnet'" — Krebs on Security, February 19, 2010