Zbot evades most anti-virus programs

Share this article:
Updated Thursday, September 17, 2009 at 4:59 p.m. EST

The banking trojan Zbot, which is one of today's most prevalent financially motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued Wednesday by internet security firm Trusteer.

An analysis of 10,000 Zbot-infected computers, conducted this month, revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com on Wednesday. Fifty-five percent of Zbot-infected computers analyzed were running up-to-date AV programs, 31 percent had no AV and 14 percent had AV that was current, researchers at Trusteer found.

Even so, the company concluded that having an up-to-date AV product will only protect against Zbot 23 percent of the time. AV providers likely are having a tough time protecting users because the trojan has sophisticated morphing and rootkit mechanisms that allow it to penetrate deep into operating systems. Also, it protects itself from detection and removal, Boodaei said.

“It's been clear for years that anti-virus by itself is not enough anymore,” Patrik Runald, senior manger of security research at Websense told SCMagaizneUS.com in an email Wednesday. “It's about security in depth.”

 

Zbot, also commonly known as Zeus, has been circulating since at least 2006, was most recently propagated through spam messages claiming to be a critical update for Microsoft Outlook. The information-stealing trojan aims to capture infected users' banking login credentials and send them back to the malware writers. 

No single AV engine was any better than another at protecting users from the trojan, Boodaei said.

“All the AV vendors have difficulties in detecting and removing Zeus," he said. "It's not limited to specific vendors."

Zulfikar Ramzan, technical director, Symantec Security Response told SCMagazineUS.com in an email Wednesday that there are “some issues” with accuracy of the study since it does not provide a breakdown of individual anti-virus companies' effectiveness of detecting ZBot.

“While the numbers produced are noteworthy, it is important to take them with a grain of salt,” Ramzan said.
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.