The takedown of a rogue internet service provider known as "AS Troyak," which was linked to the prolific Zeus botnet, caused a massive but brief drop in the number of active Zeus command-and-control servers this week before attackers reconnected their criminal operations.
Microsoft has introduced a "fairly major" update to its Malicious Software Removal Tool to detect and kill infections of the insidious and constantly morphing data-stealing malware family known as Zbot, or Zeus. Since the software giant first added detection for Zeus last October, hundreds of thousands of Windows PCs have been expunged of the threat, prominent in banking and e-commerce fraud. But as Zeus, which recently merged code bases with SpyEye, continues to acquire advanced evasion capabilities, Microsoft has had to fight "sneakiness with sneakiness," according to a blog post on Wednesday. The company introduced the update as part of its monthly security patches, released on Tuesday.
Microsoft on Tuesday announced that it has added new protection capabilities to its Malicious Software Removal Tool to help organizations fight the insidious data-stealing malware Zeus. The removal tool, released Tuesday as part of Microsoft's monthly security update, detects and cleans the malware. Microsoft researchers said Tuesday in a blog post that Zeus, also known as Zbot, is "quite complex and varied," but distributing it does not take much technical sophistication since toolkits to create the malware are easily obtainable on underground forums. The new detection capability comes in the wake of a series of arrests disrupting an international cybercrime operation linked to Zeus. — AM
According to an amended complaint filed last week in U.S. District Court in Brooklyn, Microsoft has named two defendants in its Zeus civil lawsuit who previously were listed as "John Does." They currently are in prison.
As if Zeus wasn't already a torment, the insidious banking trojan may become even more prolific now that its source code has been leaked on at least two underground forums, according to researchers at Denmark-based CSIS. Peter Kruse, writing on the company's blog, said the source code for the Zeus toolkit is "freely available for inspection, inspiration or perhaps to be compiled and used in future attacks." He expects the leakage to cause the trojan to become more pervasive. One likely can expect the price to fall too. McAfee researchers in September said the Zeus builder toolkit was going for between $700 and $1,500.