ZeuS malware has been used for some time now to steal personal information from online accounts and while several arrests have taken place in the US and the UK this Trojan is proving difficult to stop.
Arresting several organisations unfortunately won’t suddenly mean that this nasty piece of software vanishes. ZeuS is very adaptable malware which can be fine tuned to cause damage on a variety of levels. The main task of ZeuS is to steal usernames and passwords from Windows machines so criminals can use them to illegally transfer money from victim’s accounts.
Eric Skinner, CTO of Entrust said “There’s a community building it and supporting it. There’s no one person to take down. If one person stops updating, somebody else will pick up the task. It’s not like when you shut down a software company and the product ceases to be developed.”
Another major issue is that the core team behind the code can hide behind layers of command and control servers, ISPs and domain registrars and international borders.
“Even if we work with law enforcement, we’re still not getting them,” saidPedro Bueno, malware research scientist at McAfee Labs. “It takes several hops to get to them. We are real close to them but are never able to get to the final destination where they are.”
Theories so far claim that the current day, main developers are a group of highly skilled Eastern European coders. The way it is constantly adapting is proving troublesome to stop. For instance in the attempt to stop illegal account accessing, banks have been sending their customers SMS messages with a one time code to verify legimate access. A new mobile based Zeus addon can grab the one line code and then pass it over to the ZeuS command and control server to let the criminals use it to access the accounts.
KitGuru says: This has proven to be one of the most prolific and dangerous Trojans in recent years.