Zeus malware (a Trojan Horse malware) is also known as ZeuS or Zbot. This malware runs on different versions of Microsoft Windows and is intended to perform malicious activities on the victim’s computer. The main purpose of creating this malicious program was to steal banking information by man-in-the-browser keystroke logging and form grabbing.
Zeus malware is also used to install CryptoLocker ransomware. The primary ways of infecting are through phishing schemes and drive-by downloads. The malware infection was first recognized stealing information from the United States Department of Transportation in 2007. By March 2009, it became the most widespread malware across the internet.
According to, security company, Prevx; Zeus compromised over 74,000 FTP website accounts. This detail was brought to light in 2009. Zeus malware attacks include companies like BusinessWeek, NASA, ABC, Play.com, Bank of America, Monster.com, Amazon, and Cisco.
Zeus malware tricks users of tech support scams into giving the scam artists money. The pop-up messages claim to have identified a virus in the computer, but in actuality, they might have no viruses at all. The hackers/scammers might use the Event viewer or Command prompt to make the user believe that their computer is compromised.
The threat posed by Zeus decreased when its original creator retired in 2010. This paved the way for several variants to show up on the scene when the source code became public, making this distinct malware consistent and dangerous once again.
What does Zeus Malware do to Computers?
Zeus malware can do a variety of things once it affects a system, however, it actually has two main sections of functionality.
Primarily, it creates a botnet, which is a network of individual computers infected with malicious programs. It is managed as a group without the owners’ knowledge by a command and control server under the control of the malware’s owner. The botnet enables the owner to gather massive amounts of information or execute large-scale attacks.
The malware is designed to recognize when the user is on a banking website and records the keystrokes used to log in. Now, Zeus malware has been mainly neutralized, the Trojan lives on as its components are used (and built upon) in a large number of new and emerging malware.
Zeus Malware Detection
The malware is really tough to detect, even with up-to-date antivirus as it is designed with stealth techniques to hide – this is another reason why it has become one of the largest botnets on the Internet.
According to Damballa, Zeus malware infected 3.6 million PCs in the U.S.A in 2009. Thereby, it is vital to learn and share the knowledge about steering clear from such attacks. Avoid clicking on hostile or suspicious links in emails or on web sites, and always keep the antivirus protection up to date. Some antivirus software doesn’t claim to reliably prevent infection and is capable of preventing some infection attempts.
The Unanticipated FBI Crackdown
Zeus malware hackers in Eastern Europe successfully infected computers across the globe using Zeus, this information was officially confirmed by the FBI in October 2010. Initially, the botnet was circulated to the victims through the email. After the user opened the emails, the malicious program stealthily installed itself on the victimized computer. After successful entry, it secretly started to capture account numbers, passwords and other important data used to log into online banking accounts.
The harvested information from the victim’s computer helped the hackers take over the victims’ bank accounts and make unapproved transfers of thousands of dollars. The misappropriated funds were sent out to other accounts controlled by a network of money mules who received a commission for their assistance. The hackers recruited money mules from overseas to play it safe.
The money mule account operators created bank accounts using fake documents and false names. As soon as the money was transferred to their accounts, they encashed and smuggled it to the hackers or wired it to them. The FBI arrested over 90 people in the US, and 10 in the UK and Ukraine on charges of conspiracy to commit bank fraud and money laundering. The gang swindled approximately $70 million.
Hamza Bendelladj, a Thailand national, was arrested in 2013 and deported to Atlanta, Georgia, USA. He was known as Bx1 online who was the mastermind behind Zeus attacks. He was held responsible for operating SpyEye – a bot functionally similar to ZeuS. He was also suspected of operating Zeus botnets.
The Online fraudster was charged with several counts of wire fraud, computer fraud and abuse. The official papers from the court declared that between 2009 and 2011 Bendelladj and others developed, marketed, and sold various versions of the SpyEye virus.
They also sold the component parts online which helped the other online criminals customize their versions to add methods of collecting victims’ personal and financial information. He was also accused of advertising SpyEye on the online forums devoted to cyber and other crimes. The SpyEye botnet control server was based in Atlanta and the charges in Georgia relate only to SpyEye.
Need 100% protection against Zeus Malware?
Comodo Advanced Endpoint Protection (Comodo AEP), Get complete protection for every endpoint on your network.
→ Free Trial for 30 days
→ 7-Layers Enpoint Security Platform
→ Default Deny Security
→ Cloud-based Advanced Malware Analysis
How to Protect Endpoints from a Zeus Malware Attack?
As the old saying goes – “prevention is better than cure,” it is best to stay protected through safe internet practices. Avoid visiting websites that are unknown or suspicious, websites that deal with adult content, illegal downloads or illegal free software. The owners of these websites have no issues letting malware owners host their software on the site.
On the other hand, by simply not clicking on social media messages or links in email, you can stay safe.. Treat all messages equally and if the message arrives from a source affiliated with Zeus, chances are the message could pose a possible threat.
Make use of the two-factor authentication, whereby the financial website triggers a confirmation code to be sent to your mobile device and confirm the login is legit. Recently, a few offshoots from Zeus infected smart devices, too. Below are a few tips for individuals and businesses:
For Individual Users:
- Never visit suspicious websites
- Be careful when opening e-mails or attachments from unknown sources.
- Back up your files regularly
- Have the popup blockers enabled always
- Keep your computer OS and antivirus software up-to-date
For Businesses (Corporates):
- Implement stringent controls on privileged accounts
- Have a proper data backup and recovery plan
- Make sure all the corporate-connected devices are up to date
Since the advent of BYOD, users have been accessing corporate data from outside of the office and through preferred networks. This makes it all the more vulnerable for hackers to infiltrate through the defense systems to steal potential banking details from websites that deal with a lot of online fund transactions, e.g., e-commerce sites, banking sites, online ticket booking sites and so on. A powerful, updated antivirus solution is a must to stay away from such vulnerabilities.
When it comes to the business safety, antivirus products are not a viable option. The ideal way to disarm Zeus malware is to have an advanced endpoint protection system in place. Comodo Advanced Endpoint protection (AEP) is such a solution which provides real-time protection for all of your endpoints.
Comodo AEP isolates malware (including ransomware) from penetrating your company’s local area network at the device layer and executes them in an isolated or restricted system environment. It is the most intelligent endpoint protection solution that offers multiple layers of protection against both known and unknown threats. Basically, the Advanced Endpoint Protection can easily scan the endpoints and remove the malware if it already exists on the device.
The Comodo AEP offers complete 360-degree protection for the endpoints connected to the corporate network both locally and virtually. It combines numerous security techniques to defend the corporate network and endpoints with complete protection. Some of the robust features include:
Host Intrusion Prevention System (HIPS) – It blocks malicious activities by monitoring the behavior of the code.
Containment Technology – This works on Artificial Intelligence and moves the unknown files in a virtual isolated container. This file is later analyzed and the intention of the file is known. It ensures that the users can run programs and applications on their enterprise endpoints; however, the known good applications run as usual while the unknown suspicious files run in the virtual environment.
IT and Security Manager – It is a single console to ensure efficient IT security and device management. It provides a complete report on the status of each device and its level of security.
The Zeus Trojan has infected millions of computers across the globe in a relatively short time. The original creator is no longer running Zeus Malware however, the code is still very much available online to customize per hacker needs. In order to prevent, the corporate networks and endpoints falling victim to the financial data theft, it we recommend choosing Comodo AEP.
For further details on Comodo Advanced Endpoint Protection, contact us at EnterpriseSolutions@comodo.com or +1 888-256-2608.