Zeus Trojan
What it does
Zeus was first identified in 2007 when it was used to steal information from the United States Department of Transportation. It had compromised accounts at Amazon, Bank of America, ABC, NASA, Oracle, BusinessWeek and others. Zeus controls botnets, which are large collections of computers that are controlled by a master and can be made to work together and act simultaneously.
Various versions are known to control millions of computers in 196 countries with about 3.6 million in America. Over 2,000 companies and organizations are affected. In 2012 Kaspersky Labs found five new variants infecting BlackBerry and Android phones.
Zeus can log keystrokes, capturing data such as credit card numbers, usernames and passwords, and then send them to its masters. Each criminal master of a Zeus botnet can decide what information to steal and how it should be reported.
How it spreads
It spreads when a user simply visits an infected site or clicks on a link in a phishing attack. In 2009 over 1.5 million Zeus phishing messages were sent on Facebook alone. Zeus variants also sent over 9 million phishing emails purportedly from Verizon Wireless.
In 2010 it was reported that over 15 banks were compromised. Later in 2010 the FBI reported that Zeus was used to steal around $70 million from individuals using their credit card and banking accounts. The FBI arrested over 90 suspected gang members in America. Others were arrested in the UK and Ukraine.
The Marketing and Support of Zeus Trojan
In late 2010 the original author sold the source code to his major competitor, who is enhancing the product and providing support. Purchasers of the virus creation kit are now supported by a very responsive software company. They can file bug reports and track the progress of those reports. There are forms for suggesting and voting on new features. This new version is called Citadel and is sold along with support under a software-as-a-service model. It is copy-protected to make sure it cannot be stolen and resold.
"It's no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers," Citadel’s developers claim in an online posting.
The basic package costs $2,399 plus $125/mo. However, advanced features are sold separately. The basic package allows you to build a bot package and also includes the botnet administrative panel. Updates cost $15.
Date: December 2012
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.