Microsoft said its free malware cleaning tool has scrubbed the money-stealing Zeus bot from nearly 275,000 Windows computers in under a week.
Zeus, also called Zbot, is a crimeware kit that lets criminals create customised malware that they can use to infect PCs. Hackers deploy Zeus to steal usernames, passwords and other information necessary to log in to online bank accounts. So-called 'money mules' then withdraw money from the compromised accounts and wire the funds to the gang's organisers.
Microsoft added Zeus/Zbot detection to its Malicious Software Removal Tool (MSRT), a free malware-removal program that the company updates each month and distributes alongside its Patch Tuesday security fixes. MSRT does not prevent attack code from getting on a Windows machines. Instead, it detects infected machines and then deletes the malware.
Since the addition, MSRT has removed 281,491 copies of Zeus from 274,873 PCs, Microsoft said in a blog. Those numbers put the Zeus bot into the top spot on MSRT's hit list.
Zeus infections accounted for 20.4 percent of all machine cleanings since last Tuesday, said Jeff Williams, the director of Microsoft's Malware Protection Center, in the blog. "[That] ratio [is] higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family," Williams said. "But not exceptionally so."
Zeus, which first appeared in 2007, made headlines late last month when authorities in the US, the UK and Ukraine arrested more than 100 members of a Zeus gang. The group stole an estimated $200m from consumers and small businesses over a four-year span.
Users can manually download MSRT from Microsoft's site, or use Windows Update to retrieve and install the tool.
See also: Zeus botnet hits 100,000 UK computers