Zeus Trojan Variants Infesting More Websites

Monday, February 07, 2011



The Zeus Trojan is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and the malicious code continues to spread.

Security firm Trusteer reports that a recent survey has revealed an increasing number of websites are now known to host Zeus variants.

The report also shows that a growing number of networks are hosting command and control operations for Zeus-based botnets.

The Trusteer report states:

“The increasing usage of automated registration and servicing systems on the internet means that human operator monitoring of hosted systems has become less frequent in those countries with good internet access.”

“As well as driving the cost of hosting downwards, this has the worrying effect of making it all too easy to register and set up a C&C and/or Zeus-infected website plus allied systems, and using the platform to infect the general internet user community.”

The Zeus Trojan can lie dormant for long periods until the user of the infected machine accesses banking accounts, at which point Zeus harvests passwords and authentication codes.

Trusteer, which specializes in enterprise and consumer vulnerability issues, previously reported that it had detected the use of man-in-the-middle and social engineering tactics in conjunction with Zeus, and the Associated Press reported that the malware had also been modified to target enterprise bank accounts.

Security researchers at McAfee warned of a merger of the Zeus Trojan and SpyEye tools last fall, and it appears that the first toolkit combining the exploits arrived on the black market early this year.

The Zeus Trojan is thought to have netted millions of dollars from victims by spreading through tainted communications designed to look like messages from trusted contacts at popular social networking sites.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
