Microsoft Takes On the World's Leading Banking Trojan

Microsoft has added detection routines for the infamous ZeuS trojan to the new Malicious Software Removal Tool (MSRT) version, delivered via Windows Update yesterday.

ZeuS is one of the most prevalent computer trojans and it is commonly used by cyberfraudsters, due to its flexibility and sophisticated information stealing features.

ZeuS is sold as a crimeware toolkit, which criminals can buy and use to generate customized versions of the trojan and associated command and control (C&C) server.

To differentiate between the toolkit and the actual trojan, some security researchers and antivirus vendors refer to the first as ZeuS and the latter as ZBot (short for ZeuS Bot).

ZBot-infected computers join together to form remotely controlled botnets, and because numerous variations of the trojan are released on a daily basis, there are hundreds of active ZeuS botnets at any given time.

"This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are," says Matt McCormack from Microsoft's Malware Protection Center (MMPC) in Melbourne, Australia.

"Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights," he adds.

The widespread aspect of this trojan family, in both number of victims and active versions, makes it hard for antivirus vendors to keep up with the threat.

In addition, many ZeuS gangs take a hit-and-run approach to cyberfraud. They start out by making sure their Zbot variant is not detected by any of the top AV products and then launch email or Web-based attacks to distribute it.

Once deployed, the trojan monitors browsing sessions and captures online banking credentials, credit card details and other financial or sensitive information. This stolen data is immediately abused.

Chances are that by the time AV vendors add detection for a particular variant, criminals have already achieved their purpose and siphoned tens of thousands of dollars from the compromised bank accounts.

Just recently, authorities in US, UK and Ukraine, collaborated to dismantle an international ZeuS criminal network responsible for losses of more than $70 million.