What is Zeus Trojan Malware?


Zeus malware (a Trojan horse) is also known as ZeuS or Zbot. It runs on different versions of Microsoft Windows and is designed to perform malicious activities on the victim’s computer. The main purpose behind this malicious program was to steal banking information through man-in-the-browser keystroke logging and form grabbing.

Zeus malware is also used to install CryptoLocker ransomware. Its primary infection routes are phishing schemes and drive-by downloads. The malware was first identified in 2007, when it was found stealing information from the United States Department of Transportation. By March 2009 it had become the most widespread malware on the internet.

According to the security company Prevx, Zeus had compromised over 74,000 FTP website accounts; this detail was brought to light in 2009. Zeus attacks have affected companies including BusinessWeek, NASA, ABC, Play.com, Bank of America, Monster.com, Amazon, and Cisco.

Zeus malware is also used in tech support scams that trick users into paying the scammers. Pop-up messages claim to have identified a virus on the computer when, in reality, there may be no virus at all. The scammers may use Event Viewer or the Command Prompt to convince the user that their computer is compromised.

The threat posed by Zeus decreased when its original creator retired in 2010. When the source code later became public, several variants appeared, making this malware relevant and dangerous once again.

What does Zeus Malware do to Computers?

Zeus malware can do a variety of things once it infects a system, but its functionality falls into two main areas.

Primarily, it creates a botnet, which is a network of individual computers infected with malicious programs. It is managed as a group without the owners’ knowledge by a command and control server under the control of the malware’s owner. The botnet enables the owner to gather massive amounts of information or execute large-scale attacks.

The malware is designed to recognize when the user is on a banking website and to record the keystrokes used to log in. Although the original Zeus has largely been neutralized, the Trojan lives on, as its components are used (and built upon) in a large number of new and emerging malware families.

Zeus Malware Detection

The malware is very hard to detect, even with up-to-date antivirus, because it is built with stealth techniques to hide itself. This is another reason why it has become one of the largest botnets on the internet.

According to Damballa, Zeus malware infected 3.6 million PCs in the USA in 2009. It is therefore vital to learn, and to share, how to steer clear of such attacks. Avoid clicking on hostile or suspicious links in emails or on websites, and always keep antivirus protection up to date. Some antivirus software does not claim to reliably prevent infection, although it can block some infection attempts.

The Unanticipated FBI Crackdown

In October 2010 the FBI officially confirmed that hackers in Eastern Europe had successfully infected computers across the globe using Zeus. Initially, the botnet was distributed to victims through email. Once the user opened the email, the malicious program stealthily installed itself on the victim’s computer. After gaining entry, it secretly began capturing account numbers, passwords, and other important data used to log into online banking accounts.

The harvested information from the victim’s computer helped the hackers take over the victims’ bank accounts and make unapproved transfers of thousands of dollars. The misappropriated funds were sent out to other accounts controlled by a network of money mules who received a commission for their assistance. The hackers recruited money mules from overseas to play it safe.

The money mule account operators created bank accounts using fake documents and false names. As soon as the money was transferred to their accounts, they cashed it out and smuggled it to the hackers or wired it to them. The FBI arrested over 90 people in the US, and 10 in the UK and Ukraine, on charges of conspiracy to commit bank fraud and money laundering. The gang swindled approximately $70 million.

Hamza Bendelladj, a Thai national, was arrested in 2013 and deported to Atlanta, Georgia, USA. Known online as Bx1, he was described as the mastermind behind Zeus attacks. He was held responsible for operating SpyEye, a bot functionally similar to ZeuS, and was also suspected of operating Zeus botnets.

The online fraudster was charged with several counts of wire fraud, and computer fraud and abuse. Court papers stated that between 2009 and 2011 Bendelladj and others developed, marketed, and sold various versions of the SpyEye virus.

They also sold the component parts online which helped the other online criminals customize their versions to add methods of collecting victims’ personal and financial information. He was also accused of advertising SpyEye on the online forums devoted to cyber and other crimes. The SpyEye botnet control server was based in Atlanta and the charges in Georgia relate only to SpyEye.


How to Protect Endpoints from a Zeus Malware Attack?

As the old saying goes – “prevention is better than cure,” it is best to stay protected through safe internet practices. Avoid visiting websites that are unknown or suspicious, websites that deal with adult content, illegal downloads or illegal free software. The owners of these websites have no issues letting malware owners host their software on the site.

On the other hand, simply not clicking on social media messages or links in email keeps you safe. Treat all messages with equal suspicion; if a message arrives from a source affiliated with Zeus, it could well pose a threat.

Make use of two-factor authentication, whereby the financial website sends a confirmation code to your mobile device to confirm that the login is legitimate. Recently, a few offshoots of Zeus have infected smart devices too. Below are a few tips for individuals and businesses:

For Individual Users:

  • Never visit suspicious websites.
  • Be careful when opening e-mails or attachments from unknown sources.
  • Back up your files regularly.
  • Always keep pop-up blockers enabled.
  • Keep your computer’s OS and antivirus software up to date.

For Businesses (Corporates):

  • Implement stringent controls on privileged accounts.
  • Have a proper data backup and recovery plan.
  • Make sure all corporate-connected devices are up to date.

Since the advent of BYOD, users have been accessing corporate data from outside the office and over networks of their own choosing. This makes it easier for attackers to get past the defenses and steal banking details from websites that handle many online fund transactions, e.g., e-commerce sites, banking sites, online ticket booking sites and so on. A powerful, updated antivirus solution is a must to stay clear of such risks.

When it comes to business safety, antivirus products are not a viable option. The ideal way to disarm Zeus malware is to have an advanced endpoint protection system in place. Comodo Advanced Endpoint Protection (AEP) is such a solution, providing real-time protection for all of your endpoints.

Comodo AEP prevents malware (including ransomware) from penetrating your company’s local area network at the device layer by executing unknown files in an isolated, restricted environment. It offers multiple layers of protection against both known and unknown threats. Advanced Endpoint Protection can also scan endpoints and remove malware that already exists on a device.

The Comodo AEP offers complete 360-degree protection for the endpoints connected to the corporate network both locally and virtually. It combines numerous security techniques to defend the corporate network and endpoints with complete protection. Some of the robust features include:

Host Intrusion Prevention System (HIPS) – blocks malicious activities by monitoring the behavior of running code.

Containment Technology – uses artificial intelligence and moves unknown files into a virtual, isolated container. The file is later analyzed to determine its intent. Users can still run programs and applications on their enterprise endpoints: known good applications run as usual, while unknown, suspicious files run in the virtual environment.

IT and Security Manager – a single console for efficient IT security and device management. It provides a complete report on the status of each device and its level of security.

The Zeus Trojan has infected millions of computers across the globe in a relatively short time. The original creator is no longer running Zeus, but the code is still very much available online for attackers to customize to their needs. To prevent corporate networks and endpoints from falling victim to financial data theft, we recommend choosing Comodo AEP.

For further details on Comodo Advanced Endpoint Protection, contact us at EnterpriseSolutions@comodo.com or +1 888-256-2608.


Network Security


Network security refers to the set of measures taken to protect a network from various security threats. These measures usually involve several policies and practices aimed at preventing unauthorized access to the network and, by doing so, any misuse of the network’s resources.
How Does Network Security Work?
Network security revolves around 2 processes: authentication and authorization. The first process, authentication, is similar to our access cards which ensure only those who have the right to enter a building enter it. In other words, authentication checks and verifies that it is indeed the user belonging to the network who is trying to access or enter it, thereby preventing unauthorized intrusions.

Next comes authorization. This process decides the level of access to be provided to the recently authenticated user. For example, the admin of the network needs access to the entire network, whereas those working within it probably need access to only certain areas within the network. Based on the network user’s role, the process of determining the level of access or permission level is known as authorization.
How Do I Benefit From Network Security?
Enterprises cannot survive without network security, because the dangers posed by hackers, disgruntled employees, untrained employees and so on are simply too many to handle without proper defenses. Network security is especially critical today because of the rapidly changing cybersecurity threat landscape. Let’s take a look at some of the benefits of having a network security tool.

  • Protection Of Confidential Data: Network security is not just about regulating what enters or leaves a network, it’s also about protecting what’s present inside of it. That is the data it contains. Enterprises generally contain a lot of confidential data which when leaked can put their businesses at stake. Such data security breaches can be prevented through network security.
  • Longevity Of Computers: By protecting your network against security threats like malware, DDoS attacks, hacktivism etc., you extend the useful life of your computers, because the more secure your network, the better condition your computers stay in.
  • Closed Environment Protected From The Internet: Network security offers a closed environment that is well protected from the internet and from external security threats. This is especially true in the case of private networks.

Top 5 Fundamentals Of Network Security

  1. Patch Management: Irrespective of how strong your network security tools are, they would be of no use if you don’t have a proper patch management system in place to keep all of your network’s software up-to-date. Good patching is an inseparable part of network security.
  2. Strong and Complex Passwords: Ensure everything within the network – not just computers – is protected by strong and complex passwords and not by default and easily guessable ones. This simple step can go a long way toward securing your networks.
  3. Virtual Private Network (VPN): A VPN allows mobile users of the network to access it safely and securely, which matters because data is particularly vulnerable while it travels over the internet. Therefore ensure that VPN provision, with the strongest protocols, is implemented to improve your network security.
  4. User Access Privilege Monitoring: Next, ensure that user access privileges are monitored properly. If this is not done, exploitation of user access privileges can lead to dangerous insider threats that cause irreparable losses.
  5. Inactive Account Management: Network infiltration via inactive accounts is not a new thing; in fact, it is one of the most common forms of attack. Therefore ensure that inactive accounts within the network are managed or disposed of properly.
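A minimal review of items 4 and 5 above (privileged accounts and inactive accounts), as an added Python example that is not from the original page; the account records and their field names are constructed for illustration, and the 90-day inactivity threshold is an assumption:

```python
from datetime import date, timedelta

# Constructed sample directory export (not real data): one record per account.
# `last_login` of None means the account has never been used interactively.
ACCOUNTS = [
    {"user": "alice",   "privileged": True,  "enabled": True,  "last_login": date(2024, 5, 30)},
    {"user": "bob",     "privileged": False, "enabled": True,  "last_login": date(2024, 1, 2)},
    {"user": "svc-bkp", "privileged": True,  "enabled": True,  "last_login": None},
    {"user": "carol",   "privileged": False, "enabled": False, "last_login": date(2023, 11, 15)},
    {"user": "dave",    "privileged": True,  "enabled": True,  "last_login": date(2024, 2, 10)},
]


def review_accounts(accounts, today, inactive_days=90):
    """Return (inactive, privileged_review) from an account export.

    inactive: enabled accounts with no login within `inactive_days`
              (or that have never logged in), candidates for disabling.
    privileged_review: every enabled privileged account, tagged "active" or
              "inactive", so its access can be re-justified; inactive
              privileged accounts are the highest-priority findings.
    """
    cutoff = today - timedelta(days=inactive_days)
    inactive, privileged_review = [], []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled: nothing further to do
        last = acct["last_login"]
        is_inactive = last is None or last < cutoff
        if is_inactive:
            inactive.append(acct["user"])
        if acct["privileged"]:
            privileged_review.append((acct["user"], "inactive" if is_inactive else "active"))
    return inactive, privileged_review


def high_priority(accounts, today, inactive_days=90):
    """Privileged accounts that are also inactive: disable or re-justify first."""
    _, privileged_review = review_accounts(accounts, today, inactive_days)
    return [user for user, state in privileged_review if state == "inactive"]


if __name__ == "__main__":
    review_date = date(2024, 6, 1)  # constructed review date
    inactive, privileged = review_accounts(ACCOUNTS, review_date)
    print("inactive accounts:", inactive)
    print("privileged accounts:", privileged)
    print("disable/re-justify first:", high_priority(ACCOUNTS, review_date))
```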

Types Of Network Security
There are different forms which network security can take. Some of them are:

  • Access Control: As mentioned before, this is the core of network security. It is the provision that keeps out potential hackers and blocks non-compliant devices or gives them only limited access. This process is known as network access control (NAC).
  • Antivirus and Antimalware Suites: There cannot be network security without security software; in other words, a crucial part of network security is the deployment of security software.
  • Application Security: Another provision that supplements good patching and is an essential part of network security, because all applications contain security vulnerabilities and therefore need this extra layer of protection.
  • Email Security: Emails serve as gateways to enter any network. Just fit them with malware and they can end up infecting the whole network through a simple yet malicious attachment. Therefore email security tools too should form the part of your network security program.
  • And More: There’s no definite list to what goes into network security and the types of elements that should form your network security program. Some of the other security tools include data loss prevention, behavior analytics, security information and event management (SIEM), mobile device management (MDM) etc., which help with network security.

5 Ways Endpoint Security And Network Security Should Work Together
Endpoint security is one major aspect of network security. It is responsible for protecting the various endpoints that connect to the network, and for protecting the network from the dangers those endpoints pose. The important thing is to select an endpoint security tool that integrates well with the other tools you may be using for your network security.

To prevent your endpoint security tool from having a negative effect on your network security, ensure that your endpoint security software offers the following:

  1. Threat Intelligence Sharing: All your network security tools gather useful threat intelligence. To put this gathered threat intelligence to effective use, your network security tools – including endpoint security – should be compatible enough with each other to share the gathered intelligence. Therefore, make this your first priority – selecting network security tools which are compatible with each other.
  2. Unknown Threat Prevention: Ensure your endpoint security tool combats the unknown threats. Unknown threats pose a huge problem to networks today. Therefore if your endpoint security tool is equipped enough to handle unknown threats, then the onus on your network would be greatly reduced.
  3. Automation Capability: Ensure all your network security tools – including endpoint security – contain automation capabilities. Because manually operating each of them would not only be an impossible task but one which can lead to a lot of risky errors which can cost you your business. Therefore go for automation when it comes to routine tasks and leave critical ones to manual analysis.
  4. Persistent Protection: Ensure the endpoint security you select offers equal protection to all endpoints. In other words, the same level of protection across endpoints, whether they are online or offline, on premise or off premise. This again is quite critical for your network security.
  5. Provide Solid Visibility: An endpoint security tool which provides full visibility of all users, devices, and data across the entire network is needed. This sort of visibility is quite useful to understand the context of the attack easily, and the more you understand the attack, the better and quicker you’ll be able to solve it.


10 Reasons Why Cloud is the future of Endpoint Security


Endpoint security alone is not sufficient to outplay today’s sophisticated threats, as criminals keep rolling out new techniques and methods to get into the corporate network and gain access to all of the corporate data.

Corporate network security experts find it challenging to integrate different agents on endpoints, as each has a different management interface. This weakens the network and opens the way to breaches. With new forms of ransomware and advanced persistent threats on the rise, a new security approach is urgently needed. Cloud-based security emerged to overcome the challenges and problems of endpoint security.

Following are ten ways in which cloud-based security addresses your endpoint security problems:

Staying updated

Cloud helps to get rid of the use of the local infrastructure and thus brings down the most tiring task of maintaining and keeping the corporate network up to date. The cloud-based system provides an organized and refined up-to-date defense system network-wide.

Easily integrated security products

With endpoint agents, integration and configuration are always a nightmare; cloud-based APIs, with their readily available integrations, make it easy to unite products and generate clear visibility into the actual status of the network.

Simplified Management

Managing an integration of endpoint detection and response, antivirus, HIPS, etc. can be strenuous and challenging. A cloud-based security system instead deploys a unified agent to gather data from the endpoints connected to the network. This avoids the hassle of managing multiple agents, while the system applies smart intelligence to deliver well-organized security.

Securing remote workers

With BYOD dominating today’s work environment, employees stay connected to work from anywhere at any time. While this benefits the employees, it also means there is no definite control over users’ devices. A cloud security system prompts users about updates regardless of place and time, allowing the organization to retain control and mitigate security risks.

Improves Productivity

Traditional antivirus slows down the devices, which reflects on the users’ productivity. The cloud delivers unlimited storage solution and processing speed and therefore it improves the productivity of the users.

Preventing new attacks

Attackers keep developing new attack vectors to escape an organization’s security defenses. Cloud-based security systems enable the organization to filter out new suspicious files and programs and to analyze the source and intent of each file. With this in place, it is easier to determine within a limited time whether an unknown file is genuine or malware.

Easy to track threats

With a traditional antivirus system, there is no clear idea of the threats being involved. However, the cloud-based security system provides the user with a clear view of the threat landscape – its behavior, mode of attack, source and the purpose of the attack. This empowers the user to understand and generate the right and sharp-witted response to encounter the attacks.

Quick response

Businesses need instant solutions and quick responses to stay ahead of threats. A cloud-based security system provides global visibility: identified threats can be contained in a virtual console, analyzed, and given a verdict based on their behavior, all remotely.

Information sharing

The cloud also helps to collaborate with the security-related community for support. It helps the users to gain knowledge of the current threats and its modes of infection procedures and process. While joining a forum or community, opt to be anonymous and ensure data privacy when collaborating.

Reduce the burden of managing infrastructure

Maintaining an organization’s infrastructure is no small feat. Businesses must invest a lot of time and money to keep storage, computing capacity and the network updated and readily available for quick, responsive solutions. A cloud-based system requires no local infrastructure and so removes the burden of managing it.

The reasons to choose cloud-based endpoint security have broadened the spectrum of opportunities, and it is fair to say that cloud-based security is the future of endpoint security.


What is the Basic Difference Between Endpoint Protection and Antivirus


Typical business security today usually consists of antivirus and a firewall. However, today’s threats are becoming much more sophisticated, making this approach outdated and ineffective. Malware attacks are increasing constantly, and this trend is not going to change anytime soon. Online criminals target big companies to steal identities and to deploy malware in zero-day attacks. In this situation, signature-based products like antivirus cannot provide full coverage, and an Endpoint Security Antivirus is required to effectively ward off such attacks.

What is Endpoint Protection?

An Endpoint can be a Desktop, Laptop, Mobile Phone, Tablet or Server.

Endpoint Security, or Endpoint Protection, is an approach to safeguarding corporate networks that are accessed by remotely connected client devices. Connecting laptops, tablets, mobile phones and other wireless devices to corporate networks creates entry points for security threats. Endpoint Security is therefore devised to make sure that every device connecting to the network meets the defined compliance standards.

The components of an endpoint security management system include an operating system, up-to-date endpoint antivirus software, and a VPN (Virtual Private Network) client. It helps administrators identify and manage both remote and local users who access the corporate network. The endpoint security management approach lets administrators restrict access for specific users, and devices that do not adhere to the organization’s policies and standards can easily be denied access or granted only limited access.

What is Endpoint Antivirus?

Many of us are misled by the idea that antivirus software is a complete solution for all kinds of online troubles. The truth is that antivirus is only one of the core components of your security systems. Simply put, an antivirus is installed on a machine, sits in the background, and performs real-time scans of emails, websites, downloaded programs, etc. The antivirus software relies solely on virus definitions and heuristic algorithms to protect your computer against online threats.

Endpoint Antivirus Versus Endpoint Security Antivirus

There is an essential difference between Endpoint Antivirus and Endpoint Security Antivirus programs.

In a home environment with only a few computers, managing and controlling them is simple and easy. There are no complexities, as the computers are not under any central administration. Their routine functions are:

  • Signature and application updates are received from the developer’s servers over the internet.
  • Antivirus programs are installed individually on each computer.
  • Threat alerts and log entries can be viewed only on the respective computer.

Endpoint security antivirus, on the other hand, uses a centralized server application, which is the ideal way to manage and control multiple devices. Its features include:

  • A centrally managed interface for configuring endpoints.
  • Access to every log entry and alert from the various endpoints in one location.
  • Automatic downloading of signature and application updates when released by the central management system.
  • Policies and standardization of network usage and access.
  • Enforcement of network-wide standard access and usage policies.

Comodo Endpoint Protection

Comodo Endpoint Protection ensures complete safety against internal and external threats. It combines a robust antivirus, an enterprise-class packet-filtering firewall, and an advanced host intrusion prevention system (Defense+). It provides superior protection against targeted attacks and other threat challenges.
