Zbot Effectively Dodging Majority of Anti-Virus Programs

One of today's most rampant financially-motivated Trojans, the banking Trojan Zbot, is not identified or removed by majority of anti-virus (AV) solutions due to its ability to morph, according to the news released by security firm Trusteer on September 16, 2009.

The giant Zbot botnet - comprised of 3.6 Million PCs in the US, or 1% of all computers in the country, as per Damballa data - cicurlates Zeus, which accounts for 44% of all financially-motivated malware infections at current, reported Trusteer.

CEO and Founder of Trusteer, Mickey Boodaei, said that an examination of 10,000 systems infected by Zbot in September 2009 revealed that bulk of them were running updated anti-virus program, as per the news published by SCMagazine on September 16, 2009. It was found that 55% of Zbot-attacked systems examined were having up-to-date anti-virus software installed on them, 3% had no anti-virus program and 14% had the current anti-virus software.

In addition, the firm stated that having a latest AV product will safeguard against Zbot 23% of the time. AV providers will probably have a hard time safeguarding users as the Trojan has advanced morphing as well as rootkit tecniques that enable it to pierce deep into operating systems. Further, Boodaei informed that the Trojan safeguards itself from getting detected and eliminated.

Popularly known as Zeus, Zbot has been in circulation since around 2006. It was lately promulgated through junk e-mails that claimed to be Microsoft Outlook's critical update. The information-stealing Trojan focuses on capturing infected users' banking login details and direct them to malware authors.

It is still vague why Zeus is so cunning; however, Boodaei claims that there are several malware variants that could make it even tough to locate, as per the news published by Dark Reading on September 16, 2009.

CTO of Trusteer and head of the company's research organization, Amit Klein, stated that when they started measuring the competence of anti-virus products in the wild against Zeus, they did not know what sort of results they would get. He also added this is a bad indication for banks and consumers as most of Zeus infections are still going undetected, reported Reuters on September 17, 2009.

Related article: ZBot Trojan Proliferating Inside Facebook: Trend Micro

» SPAMfighter News - 10/7/2009