Zbot evades most anti-virus programs

Share this article:
Updated Thursday, September 17, 2009 at 4:59 p.m. EST

The banking trojan Zbot, which is one of today's most prevalent financially motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued Wednesday by internet security firm Trusteer.

An analysis of 10,000 Zbot-infected computers, conducted this month, revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com on Wednesday. Fifty-five percent of Zbot-infected computers analyzed were running up-to-date AV programs, 31 percent had no AV and 14 percent had AV that was current, researchers at Trusteer found.

Even so, the company concluded that having an up-to-date AV product will only protect against Zbot 23 percent of the time. AV providers likely are having a tough time protecting users because the trojan has sophisticated morphing and rootkit mechanisms that allow it to penetrate deep into operating systems. Also, it protects itself from detection and removal, Boodaei said.

“It's been clear for years that anti-virus by itself is not enough anymore,” Patrik Runald, senior manger of security research at Websense told SCMagaizneUS.com in an email Wednesday. “It's about security in depth.”


Zbot, also commonly known as Zeus, has been circulating since at least 2006, was most recently propagated through spam messages claiming to be a critical update for Microsoft Outlook. The information-stealing trojan aims to capture infected users' banking login credentials and send them back to the malware writers. 

No single AV engine was any better than another at protecting users from the trojan, Boodaei said.

“All the AV vendors have difficulties in detecting and removing Zeus," he said. "It's not limited to specific vendors."

Zulfikar Ramzan, technical director, Symantec Security Response told SCMagazineUS.com in an email Wednesday that there are “some issues” with accuracy of the study since it does not provide a breakdown of individual anti-virus companies' effectiveness of detecting ZBot.

“While the numbers produced are noteworthy, it is important to take them with a grain of salt,” Ramzan said.
Share this article:

Next Article in News

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.