We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Zeus botnet hits 100,000 UK computers

Trusteer says AV software failing to spot threat

At least 100,000 computers in the UK are infected with the Zeus malware, an advanced piece of spying software that is regularly defeating most antivirus software suites, according security vendor Trusteer.

Researchers at Trusteer managed to analyse a server used to collect details from the hacked PCs, which likely became infected by visiting websites engineered to attack computers and install Zeus, said Mickey Boodaei, Trusteer's CEO.

What they found was startling. Zeus is designed to monitor computers and collect information, but the operators of this group of infected computers have taken data collection to a higher level.

For these hacked computers, Zeus was recording all traffic sent through a browser, including that transmitted using SSL (Secure Sockets Layer), a method used to encrypt sensitive data between two points. Boodaei said Zeus grabs the information before it has been encrypted or just after it has been decrypted.

"Anything the user sees from the browser or anything they type in the browser is being captured by the malware," Boodaei said.

All of the data captured by Zeus is sent to a remote a database, which the Trusteer researchers were able to access. They found that the command-and-control software for Zeus is capable of doing keyword searches in that database, Boodaei said.

Since Zeus can see any data in the browser, it means that the cybercriminals know exactly when a person last accessed their bank account and the account balance without even needing to log into the account.

The Zeus database also holds a lot of other information, such as company e-mail, log-ins for social networking sites and financial credentials, Boodaei said.

Boodaei said the Metropolitan Police have been alerted about Trusteer's findings. Trusteer will share gigabytes of data it has collected with the police in addition with the banks whose customers have been compromised, he said.

Zeus has been so successful due to the high number of variants that have been modified to evade security software. At any one point, Boodaei said that most antivirus software suites only detect Zeus about 10 percent of the time.

"The reason is that Zeus is so sophisticated it keeps changing its behaviour," Boodaei said.

That's also a problem for Trusteer, which makes a widely used product called Rapport, which many UK banks have distributed to their customers for free. Rapport is designed to harden browsers against malware and lock out malware trying to interfere with data exchanged between, for example, a bank and a customer.

Malware will often try to disable security software. Trusteer's Rapport will alert a bank if it is uninstalled. At that point, the bank could forbid the customer in question from performing transactions or tell them their computer is apparently infected. Trusteer is soon adding a component that will allow it to detect and remove certain types of malware from an infected computer.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model