New Research Study on Zeus Released by Trend Micro

Trend Micro, in its newly-published study named "Zeus: A Persistent Criminal Enterprise", says that of late, there has been an increase in the samples of Trojan Zeus at the rate of 300 daily on average.

Describing Zeus, Trend Micro said that it is chiefly a crimeware package which helped in the theft of Internet users' credentials for online banking along with other things. Moreover, it was associated with the organized criminals of Eastern Europe who designed it. Currently, it is available for sale-and-purchase by cyber-criminals in the underground shopping arena.

Trend Micro reportedly saw over 13,000 distinct Zeus samples alone in January 2010.

Trend Micro CTO, Raimund Genes commented on the findings and stated that Zeus is not a new concept, its there since many years. However, its recent upsurge in attacks is a worrisome issue, as reported by Net-security.org on March 10, 2010.

Furthermore, according to the study, to build the Zeus infected botnets, an extremely adaptable configuration file is used, which provides various particulars. These are: the bot network's name, the frequency in which it will transmit captured data back to the botmaster, as well as the server to which the bot must link up with. More significantly, there's a list in this file which enlists the banks Zeus is most likely to target.

Continuing further, Trend Micro also discusses an important characteristic of the new Zeus versions viz., the "Jabber" utility. This utility represents an IM (instant messaging) program of the open source type. Thus, JabberZeus represents a variant of Zeus through which the captured banking credentials are transmitted back via IMs. Subsequently, the botmaster uses those credentials to log into the victim's account without getting noticed.

Reportedly, during most of 2009, Zeus samples were spread through the Avalanche botnet as well. This botnet launched spam campaigns, which impersonated many well-known Web 2.0 sites such as MySpace and Facebook.

The spammers involved in the operation also attempted at copying e-mail as well as websites belonging to U.S government agencies such as the Internal Revenue Service, the Centers for Disease Control and Prevention, the Social Security Administration and the Federal Deposit Insurance Corporation, reports Trend Micro.

To conclude, the firm commented that the fight against Zeus continues, its not yet finished.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 3/18/2010