
Zeus (malware): Difference between revisions

From Wikipedia, the free encyclopedia
m Reverted 1 edit by 68.45.100.190 identified as test/vandalism using STiki
Replaced content with ' Mastermind Pleads Guilty], FBI {{Malware}} {{Botnets}} {{DEFAULTSORT:Zeus (Trojan Horse)}} Category:Windows trojans Category:Botnets Categor...'
Tag: blanking
{{Use dmy dates|date=January 2014}}
{{Redirect|Zbot|the action figures|Zbots}}
{{other uses|Zeus (disambiguation)}}
<!-- Deleted images removed: [[File:Kneber botnet.jpg|thumb|right|300px|Breakdown of the percentage of the OS's targeted {{puic|Kneber botnet.jpg|2010 February 23}}]] [[File:Chart-zeus-infected-countries.jpg|thumb|right|300px|Top 10 country affected by the Zeus bot net{{clarify|date=August 2010|reason=tell reader what the codes mean!}}]]-->
'''Zeus''', ZeuS, or Zbot is a [[Trojan horse (computing)|Trojan horse]] [[computer]] [[malware]] package that runs on versions of the [[Microsoft Windows]] [[operating system]]. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by [[man-in-the-browser]] [[keystroke logging]] and [[form grabbing]]. It is also used to install the [[CryptoLocker]] [[ransomware (malware)|ransomware]].<ref name=details>{{cite web|last=Abrams|first=Lawrence|title=CryptoLocker Ransomware Information Guide and FAQ|url=http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information|work=[[Bleeping Computer]]|accessdate=25 October 2013}}</ref> Zeus is spread mainly through [[drive-by download]]s and [[phishing]] schemes. First identified in July 2007 when it was used to steal information from the [[United States Department of Transportation]],<ref>{{cite news |url= http://www.reuters.com/article/domesticNews/idUSN1638118020070717 |title= Hackers steal U.S. government, corporate data from PCs |author= Jim Finkle |date= 17 July 2007 |work= Reuters |accessdate=17 November 2009}}</ref> it became more widespread in March 2009. In June 2009 security company [[Prevx]] discovered that Zeus had compromised over 74,000 [[File Transfer Protocol|FTP]] accounts on websites of such companies as the [[Bank of America]], [[NASA]], [[Monster.com]], [[American Broadcasting Company|ABC]], [[Oracle Database|Oracle]], Play.com, [[Cisco Systems|Cisco]], [[Amazon.com|Amazon]], and ''[[BusinessWeek]]''.<ref>{{cite web |url= http://www.thetechherald.com/article.php/200927/3960/ZBot-data-dump-discovered-with-over-74-000-FTP-credentials |title= ZBot data dump discovered with over 74,000 FTP credentials |author= Steve Ragan |date= 29 June 2009 |work= The Tech Herald |accessdate=17 November 2009}}</ref>


== Targeted information ==
Zeus controllers can fine-tune the copy of Zeus they are using to steal only the information they are interested in, typically login credentials for [[Social network|online social networks]], [[e-mail account]]s, [[online banking]] or other online financial services. The top sites with stolen login credentials, according to a [[Netwitness]] report, are [[Facebook]], [[Yahoo]], [[Hi5 (website)|Hi5]], [[Metroflog]], [[sonico.com|Sonico]] and [[Netlog]].

== Detection and removal ==
Zeus is very difficult to detect even with up-to-date antivirus software, as it hides itself using [[Stealth virus|stealth techniques]]{{Citation needed|date=December 2013|reason=This sort of statement could always benefit from a source; but in this case I've heard that both the files and the registry entries used by Zbot, at least older versions, are easily found. pol098}}. This is considered the primary reason why the Zeus malware family has become the largest botnet on the Internet: some 3.6 million [[Personal computer|PCs]] are said to be infected in the U.S. alone. Security experts advise that businesses continue to train users not to click on hostile or suspicious links in emails or websites, and to keep antivirus protection up to date. Antivirus software does not claim to reliably prevent infection; for example, [[Symantec]] Browser Protection says only that it can prevent "some infection attempts".<ref name="Symantec">{{cite web|url=http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99|title=Trojan.Zbot|publisher=[[Symantec]]|accessdate=19 February 2010}}</ref>
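
The editor note above observes that the files and registry entries an older Zbot leaves behind are easy to find once you look. The following Python script is an added example, not part of the article and not derived from any Zeus sample: it audits a Windows Run-key autostart dump and flags entries that point at user-writable locations or that borrow the name of a Windows system binary from outside the Windows directory. The registry export, the environment variable values and the flagging rules are all constructed assumptions for illustration, not Zeus indicators.

```python
"""Audit Windows Run-key autostart entries for persistence that looks out of place.

Added example: parses a constructed ``reg export`` style dump and reports
entries whose executable lives where an unprivileged user can write, or
whose file name mimics a system binary outside C:\\Windows.
"""
import re
from dataclasses import dataclass

# Constructed sample dump: one legitimate-looking entry and two suspicious ones.
# Paths and names are invented for this example; they are not real indicators.
SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\Xqwe\\kdwm.exe"
"Sys"="%TEMP%\\svchost.exe -k"
'''

# Assumed environment for %VAR% expansion (values are constructed).
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "SYSTEMROOT": r"C:\Windows",
}

# Directories an unprivileged user can write to. An autostart entry launching
# from one of these needs no admin rights to persist, which is why it deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# System binary names that malware commonly borrows; a copy outside the
# Windows directory is suspicious regardless of where it sits.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "winlogon.exe"}

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


@dataclass
class Finding:
    name: str       # value name under the Run key
    exe: str        # resolved executable path
    reasons: list   # why it was flagged


def unescape_reg(value: str) -> str:
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", value)


def expand_env(path: str) -> str:
    # Replace %NAME% with the assumed environment value; unknown names stay as-is.
    return re.sub(r"%([A-Za-z_]+)%",
                  lambda m: ENV.get(m.group(1).upper(), m.group(0)), path)


def executable_of(command: str) -> str:
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_run_key(dump: str) -> dict:
    """Map value names to their unescaped command strings."""
    entries = {}
    for line in dump.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group("name")] = unescape_reg(m.group("value"))
    return entries


def audit(dump: str) -> list:
    """Return a Finding for every autostart entry that trips a rule."""
    findings = []
    for name, command in parse_run_key(dump).items():
        exe = expand_env(executable_of(command))
        low = exe.lower()
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
            reasons.append("system binary name outside Windows directory")
        if reasons:
            findings.append(Finding(name, exe, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REG_EXPORT):
        print(f"{f.name}: {f.exe} -> {', '.join(f.reasons)}")
```

On the constructed sample the "OneDrive" entry passes, "Updater" is flagged for living under AppData, and "Sys" is flagged twice, once for the Temp location and once for carrying the name svchost.exe outside C:\Windows. A real audit would feed the output of `reg export` for the HKCU and HKLM Run and RunOnce keys into `audit()` and extend the rules with an allow-list of signed vendor paths.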

One countermeasure is a hardware-based solution with a non-writable, read-only file system and web browser, such as a ''secure hardware browser''. Data is never stored on the device and the media cannot be overwritten, so each time the bootable media is started the browser runs in a known clean operating environment. When the device is used to access online financial services immediately after boot, it operates in a clean environment free of any crimeware.

== FBI crackdown ==
[[File:FBI Fraud Scheme Zeus Trojan.jpg|thumb|[[FBI]]: The Zeus Fraud Scheme]]

In October 2010 the US [[FBI]] announced that hackers in [[Eastern Europe]] had managed to infect computers around the world using Zeus. The virus was disseminated in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the trojan software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log into online banking accounts.

The hackers then used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of [[money mule]]s, who were paid a commission. Many of the U.S. money mules were recruited from overseas. They created bank accounts using fake documents and false names. Once the money was in the accounts, the mules would either wire it back to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country.<ref>{{cite web |url= http://www.fbi.gov/page2/oct10/cyber_100110.html |title= CYBER BANKING FRAUD Global Partnerships Lead to Major Arrests |author= FBI |date= 1 October 2010 |accessdate=2 October 2010}} {{Dead link|date=October 2010|bot=H3llBot}}</ref>

More than 100 people were arrested on charges of conspiracy to commit [[bank fraud]] and [[money laundering]], over 90 in the US, and the others in the [[United Kingdom|UK]] and [[Ukraine]].<ref>{{cite news |url=http://www.bbc.co.uk/news/world-us-canada-11457611 |title= More than 100 arrests, as FBI uncovers cyber crime ring |author= BBC |date= 1 October 2010 |accessdate=2 October 2010 |work=BBC News}}</ref> Members of the ring had stolen $70 million.

In 2013 Hamza Bendelladj, known as Bx1 online, was arrested and deported to [[Atlanta, Georgia]], USA. Early reports said that he was the mastermind behind ZeuS. He was accused of operating [[SpyEye]] (a bot functionally similar to ZeuS) botnets, and suspected of also operating ZeuS botnets. He was charged with several counts of wire fraud and computer fraud and abuse.<ref>{{cite web|last=Zetter |first=Kim |url=http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/ |title=Alleged 'SpyEye' Botmaster Ends Up in America, Handcuffs |work=Wired |date=3 May 2013 |accessdate=30 January 2014}}</ref> Court papers allege that from 2009 to 2011 Bendelladj and others "developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information". It was also alleged that Bendelladj advertised SpyEye on Internet forums devoted to cyber- and other crimes and operated Command and Control servers.<ref name=vaas>{{cite web|last=Vaas |first=Lisa |url=http://nakedsecurity.sophos.com/2013/05/07/alleged-spyeye-mastermind-extradited-to-us/ |title=Alleged "SpyEye" mastermind extradited to US |work=Naked Security |publisher=Sophos |date=7 May 2013 |accessdate=30 January 2014}}</ref> The charges in Georgia relate only to SpyEye, as a SpyEye botnet control server was based in Atlanta.

== Possible retirement of creator==
In late 2010, a number of Internet security vendors including [[McAfee]] and [[Internet Identity]] claimed that the creator of Zeus had said that he was retiring and had given the [[source code]] and rights to sell Zeus to his biggest competitor, the creator of the [[SpyEye]] trojan. However, those same experts warned that the retirement was a ruse and expected the developer to return with new tricks.<ref>{{cite news |url=http://www.reuters.com/article/idUSTRE69S54Q20101029 |title= Top hacker "retires"; experts brace for his return |author= Diane Bartz |date= 29 October 2010 |accessdate=16 December 2010 |work=Reuters}}</ref><ref>{{cite news |url=http://finance.yahoo.com/news/Growth-in-Social-Networking-bw-1970284612.html?x=0&.v=1 |title= Growth in Social Networking, Mobile and Infrastructure Attacks Threaten Corporate Security in 2011 |author= Internet Identity |date= 6 December 2010 |accessdate=16 December 2010 |work=Yahoo! Finance}}</ref>

{{As of|2013|5|13}} the source code and compiled binaries were being hosted on [[GitHub]].<ref>{{cite web|url=https://github.com/Visgean/Zeus |title=Visgean/Zeus |publisher=Github.com |date= |accessdate=2014-01-30}}</ref>

==See also==
* [[Conficker]]
* [[Timeline of computer viruses and worms]]
* [[Torpig]]

{{clear}}

==References==
{{Reflist|30em}}

==External links==
{{wikinews|Zeus botnet trojan horse is back}}
*[http://www.trusteer.com/files/Zeus_and_Antivirus.pdf "Measuring the in-the-wild effectiveness of Antivirus against Zeus"] Study by Internet security firm Trusteer.
*[http://www.antisource.com/article.php/zeus-botnet-summary "A summary of the ZeuS Bot"] A summary of ZeuS as a Trojan and Botnet, plus vector of attacks.
*{{youtube|CzdBCDPETxk}}
*[http://www.netwitness.com/resources/kneber.aspx "The Kneber BotNet" by Alex Cox] NetWitness Whitepaper on the Kneber botnet.
*[http://www.ad.nl/ad/nl/1004/Economie/article/detail/499760/2010/07/24/Belgie-legt-fraude-met-onlinebankieren-bloot.dhtml "België legt fraude met onlinebankieren bloot"] Dutch news article about a banking trojan
*[http://www.malwarehelp.org/find-and-remove-zeus-zbot-banking-trojan-2009.html "Indications in affected systems"] Files and registry keys created by different versions of Zeus Trojan.
* {{fr}} [http://www.b3b.ch/2010/12/12/zeus-le-dieu-des-virus-contre-les-banques/ Zeus, le dieu des virus contre les banques]
* [http://pastehtml.com/view/1ego60e.html Zeus Bot's User Guide]
* [https://github.com/Visgean/Zeus Zeus source code at GitHub]
* [http://www.fbi.gov/news/stories/2014/january/spyeye-malware-mastermind-pleads-guilty Botnet Bust - SpyEye Malware Mastermind Pleads Guilty], [[FBI]]


{{Malware}}

Revision as of 11:40, 1 May 2014
