
INSECURITY FIRM Trusteer has found the first instance of the Zeus botnet version 2 out in the wild.
Earlier this week we said that this next version of the gittish botnet was still in beta and was only being trialed. However, we might have spoken too soon, as Trusteer reckons to have found what it calls a 'significant' instance.
Trusteer reckons that the botnet, which is operated and controlled from Eastern Europe, is after financial information in the UK, and has a massive zombie army of 100,000 infected computers as its footsoldiers - 98 per cent of which are in the UK.
Already Trusteer has been able to ascertain that the botnet is sniffing up things like credit and debit card numbers, banking website login IDs and passwords, bank statements, more passwords, FTP accounts and passwords, website and user certificates, Internet users' web cookies, the kitchen sink and did we mention passwords?
Mickey Boodaei, CEO of Trusteer, said that the firm had been seeing Zeus 2.0 being used for about six months, but added that this was the first 'pure' one.
Boodaei said that his firm had been able to drill deep down into the botnet and discovered a user interface that lets the controllers do things like search for banks by name or snarf up mass collections of emails through a 'Google-like' interface.
He explained that the collection of information was very specific, and included the usual suspects such as logins and passwords. However, it is far more comprehensive than this and collects other things as well, like place of work and type of job.
"It's very focused," he added, "they are targeting the UK market, its financial institutions and its citizens." µ

Hi, whenever I read these articles (on any site) they rarely go into details about where such trojans are picked up from, i.e. are there specific sites that aren't safe? Or games/software installed from sites? Is it picked up from phishing via email? If yes, then do those emails have general titles/comments? Just to know where not to go to avoid winding up with this virus.
Also, is there specific AV software with measures in place to disable this virus?
John, luckily only Windows systems can be infected by Zeus, but the newer version 2 can infect both Vista and 7 OSs and both IE and Firefox. So Linux users can carry on with no AV software at all. For now.
If this botnet is essentially completely deployed within the UK, its masters need only characterize it as an adjunct to the CCTV security state apparatus, and the sheople of the UK will blindly (blinker'edly?) accept it.
Is this another Windows-only virus? I keep wondering how safe Linux is from this one.