Zbot evades most anti-virus programs

Share this article:
Updated Thursday, September 17, 2009 at 4:59 p.m. EST

The banking trojan Zbot, which is one of today's most prevalent financially motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued Wednesday by internet security firm Trusteer.

An analysis of 10,000 Zbot-infected computers, conducted this month, revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com on Wednesday. Fifty-five percent of Zbot-infected computers analyzed were running up-to-date AV programs, 31 percent had no AV and 14 percent had AV that was current, researchers at Trusteer found.

Even so, the company concluded that having an up-to-date AV product will only protect against Zbot 23 percent of the time. AV providers likely are having a tough time protecting users because the trojan has sophisticated morphing and rootkit mechanisms that allow it to penetrate deep into operating systems. Also, it protects itself from detection and removal, Boodaei said.

“It's been clear for years that anti-virus by itself is not enough anymore,” Patrik Runald, senior manger of security research at Websense told SCMagaizneUS.com in an email Wednesday. “It's about security in depth.”

 

Zbot, also commonly known as Zeus, has been circulating since at least 2006, was most recently propagated through spam messages claiming to be a critical update for Microsoft Outlook. The information-stealing trojan aims to capture infected users' banking login credentials and send them back to the malware writers. 

No single AV engine was any better than another at protecting users from the trojan, Boodaei said.

“All the AV vendors have difficulties in detecting and removing Zeus," he said. "It's not limited to specific vendors."

Zulfikar Ramzan, technical director, Symantec Security Response told SCMagazineUS.com in an email Wednesday that there are “some issues” with accuracy of the study since it does not provide a breakdown of individual anti-virus companies' effectiveness of detecting ZBot.

“While the numbers produced are noteworthy, it is important to take them with a grain of salt,” Ramzan said.
Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.