Prevx Blog

Mar 15th

ZEUS steals information from home and business PCs

Posted by: Jacques Erasmus


What is ZEUS?
ZEUS is one of the latest pieces of information-stealing software aimed at the ever-growing market for financial information stolen from banks, ecommerce web sites and personal computers. More than 1,000 banks and 500 million people use some form of electronic transaction or online banking, providing a huge and tempting target for this type of malicious software.

ZEUS is readily accessible, meaning any criminal and even terrorist groups can harness ZEUS

The DIY “exe builder” for the Zeus Trojan can be bought online for just $4,000. Each Zeus Trojan it builds incorporates a kernel-level rootkit, which means it can hide from even the most advanced security software. Zeus is not only highly proficient at getting around consumer security products, it is also advanced enough to infiltrate corporate networks, often regardless of what security software is used. Zeus also includes advanced "form injection capabilities", allowing it to modify web pages displayed by bank web sites as they are served on the user's PC. For example, criminals can add an extra field or fields asking for credit card numbers, social security numbers, etc., making it look like the bank is asking you for this data after you have logged on and you believe you are securely connected to your bank.

This is how the information stash appeared to anyone who came across the criminal's web site where stolen data was being stored

Because of the way that Prevx software works to detect advanced malware, we found an existing example of Zeus that our software had caught. This example was linked to an open directory. Once reported to relevant law enforcement authorities, ISPs and other authorities, we took the opportunity to analyse the data presented by the open directory, which essentially gave us a view of all activities undertaken by this particular variant of the Trojan. Using geolocation IP data identifying where each and every compromised terminal was (see image below), we could connect, with some accuracy, a vast amount of sensitive personal information from home users. We also found that the Trojan had infected a number of public and private sector organizations, including a mid-sized financial institution in the US, each of which we separately contacted to inform them of the data breach. Needless to say, the data reaped from these organizations was highly sensitive.

The location of computers which were infiltrated by this single ZEUS attack included home, bank, business and even government PCs

Due to the amount of sensitive financial and customer information they hold, financial institutions are increasingly being dragged into the online fraud debate whether they like it or not. Not only do they have to ensure their own institutions are secure from information-stealing malware, but they also have a responsibility to each and every customer who uses online banking. In an ideal world, security vendors’ consumer and enterprise PC security products would protect this vast pool of data, both within the walls of the bank and at the point of logon for the consumer. However, this is simply not happening. There is a fundamental failing of both consumer and enterprise PC security software to protect against the latest types of malware. And the gap is getting wider and wider. In the last three months the volume of infections we see bypassing the major security products has increased by almost 200% (in three months!).

The cost of issues directly attributable to the failings of PC security software to deal with threats like ZEUS is immense. The direct losses to banks, businesses and individuals are huge. The impact on bank and ecommerce customer confidence is also huge, with affected customers often moving to other banks.

At a time when consumer confidence in financial institutions is at an all-time low, safeguarding customer information such as banking logons, account numbers, personal information and transaction details is right at the top of the agenda.

The security industry must shoulder much of the blame
Today no single vendor (ourselves included) and no single product, maybe even all security vendors and products together, will stop more than 60% or so of modern malware.

The security software industry as a whole must address the growing number and variety of threats with a coordinated approach that will keep the user safe. This will require honesty and restraint in advertising products so that users understand that there are still significant risks even after installing security products. It will require significantly greater R&D investment and innovation. And above all else, it will require greater collaboration between vendors.

As an example, and it is by no means isolated, how should a non-technical user assess their exposure to ZEUS and other advanced infections after buying a product which the vendor describes as follows on their web site and product packaging:

XXXXXX Total Protection. Which the vendor goes on to describe as follows:

XXXXXX Total Protection™ is hassle-free, all-you-need security ideal for people who are constantly online for communication, shopping, banking, trading or viewing entertainment.

With phrases like "all-you-need security" and "Total Protection" used to promote the product, which patently will not provide anything like all-you-need or Total Protection, the user is left in no doubt - they are immune to ZEUS or any other PC infection.

Check out the UK Trade Descriptions Act for the relevant law on this.

Recently, one of our users asked for a refund after a confirmed ZEUS infection they had on their computer had not been detected by two of the leading PC security products, including the one mentioned above. The customer therefore assumed they couldn't both be wrong. Well, sadly they were. Home users must be prepared to accept what the security vendors already know. Your PC security product is NOT ALL-YOU-NEED and VERY, VERY FAR FROM TOTAL PROTECTION.

When PC security lets you down with infections like ZEUS there are often no signs; your PC security will tell you your PC is clean and safe. Meanwhile ZEUS and other malicious software like it is free to capture whatever information it wants from you and your PC.

Double check your PC for infections at no cost
Even if you think your PC is clean, at least once a week scan your PC with another vendor's security product. If it says you are infected -- it may well be right, take it seriously. Most vendors offer a free scan so it won't cost you at all, but it might save you a whole lot of hassle and money.

If you want, try our free scan now
