OCS banner and logo
Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe 
Search All Articles

Browse by Category

powered by pmc2m


Zeus Trojan

What it does

Zeus was first identified in 2007 when it was used to steal information from the United States Department of Transportation. It had compromised accounts at Amazon, Bank of America, ABC, NASA, Oracle, BusinessWeek and others. Zeus controls botnets, which are large collections of computers that are controlled by a master and can be made to work together and act simultaneously. 


Various versions are known to control millions of computers in 196 countries with about 3.6 million in America. Over 2,000 companies and organizations are affected. In 2012 Kaspersky Labs found five new variants infecting Blackberry and Android phones.

Zeus is capable of logging keystrokes, like credit card numbers, usernames and passwords, then sending them out to its masters. Each criminal master of a Zeus Botnet can decide what information to steal, and how it should be reported.

How it spreads

It is spread by simply visiting an infected site, or clicking on a link in a phishing attack. In 2009 over 1.5 million Zeus phishing messages were sent on Facebook alone. Zeus variants also sent over 9 million phishing emails purportedly from Verizon Wireless.

In 2010 it was reported that over 15 banks were compromised. Later in 2010 the FBI reported that Zeus was used to steal around $70 million from individuals using their credit card and banking accounts. The FBI arrested over 90 suspected gang members in America. Others were arrested in the UK and Ukraine.

The Marketing and Support of Zeus Trojan

In late 2010 the original author sold the source code to his major competitor who is enhancing the product and providing support. Purchasers of the virus creation kit are now supported by a very responsive software company. They can file bug reports and follow their progress. There are forms for suggesting and voting on new features. This new version is called Citadel and is being sold along with support using the software as a service model. They copy protect it to make sure it cannot be stolen and resold.

"It's no secret that the products in our field — without support from the developers — result in a piece of junk on your hard drive. Therefore, the product should be improved according to the wishes of our customers," Citadel’s developers claim in an online posting.

The basic package costs $2,399 plus $125/mo. However, advanced features are sold separately. The basic package allows you to build a bot package and also includes the botnet administrative panel. Updates cost $15.

References and further reading

Wikipedia on Zeus Trojan

Krebs on Security - Citadel / Zeus Trojan marketing

A previous article of mine on preventing problems with Layered Security

A previous article on another Botnet

Date: December 2012

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

  Please direct questions/suggestions about website to the webmaster