Security experts have warned that the online banking Trojan known as Zeus or Zbot could become one of the most challenging yet, confirming the malware often goes undetected by popular anti-virus packages.
Trusteer Inc, which specialises in threat protection for online businesses, has reported the Trojan could already have infected as many as 1% of all US PCs and stands as the world’s number one botnet.
The company said that, in tests based on data collected from consumer PCs during one day in September, it found that 55% of machines were infected with the Trojan, despite 71% of the machines having up-to-date anti-virus systems.
“The effectiveness of an up-to-date anti-virus against Zeus is just 23%,” the company reports in a white paper produced on the issue.
Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the internet today, the company said.
“It infects consumer PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.”
Security specialists suggest the best way to prevent infection is simply to be cautious about opening dangerous file attachments in email and to enable browser protection to limit scripts and file downloads.
“Web filtering can be a powerful technique in limiting the effectiveness of Zeus by preventing access to distribution and call-home points,” Green Cloud Security noted in an official blog.
In a company blog posted by Tumbleweed Communications, the vendor suggests that the repercussions of Zeus could be widespread and says it “has completely changed the way IT security professionals are thinking about FTP.”
It claims that as many as 90,000 FTP services from businesses like Amazon, Bank of America and Cisco could have been affected. “And now, because of the way FTP works, and because of the way these companies store credentials, it is possible that that number could grow exponentially.”
The only way to bring a serious level of security is to deploy a proper managed file transfer solution that doesn’t store credentials that can be stolen or compromised by a Trojan, it said.