The Zeus Trojan can go for thousands of dollars in the cyber-underworld, security researchers say.
cyber-criminals around the world
the week of Sept. 27 were scooped up by
police after a 16-month investigation that stretched from the United
States all the way to the Ukraine.
The cyber-crime ring is accused of stealing $70 million from bank accounts,
with targets ranging from individuals to small and midsize businesses to
municipalities. The weapon of choice in these heists was a variant of the
infamous Zeus Trojan, a reminder that the malware is still prevalent in the
According to security researchers, the price of the Zeus
can range from a few thousand to possibly as high as $10,000.
Additional features and services such as Windows 7 support or "Firefox
form grabber" can be purchased for $2,000, Ivan Macalintal, senior
threats researcher at Trend Micro, told eWEEK.
"It is the most popular Trojan tool kit going today," said Dave
Marcus, director of security research and communications at McAfee Labs.
"It's also the highest priced and most effective."
In the years since it was first seen in the wild, Zeus has been linked
to numerous criminal operations and botnets. Trusteer, for example, earlier in
2010 found a 100,000-strong Zeus botnet that was tied to the theft of a wide
range of user data, including credit card numbers and browser cookies.
To read about how social networking
data is used by hackers, click here.
is spread by a variety of means, including drive-by downloads and spam
attacks. The constant development of variants allows Zeus to evade antivirus
software, researchers said.
"The tool kit is very well developed and of professional grade,"
Marcus noted. "It's probably the most popular, because it's hands down the
most effective. Cyber-criminals love it because it's a money-maker."
However, Marc Fossi, manager of research and development for Symantec
Security Response, said Zeus is not as broadly advertised as it once was
because of the attention it attracts.
"In fact, one Website we recently observed had a rule banning
sales and downloads of Zeus through their forum because of the attention it was
drawing to them," Fossi said.
Recently, Zeus operators made an attempt to trick users of mobile devices into
giving up their mobile phone numbers so they could infect those devices with an
SMS (Short Message Service) monitoring program that can be used to steal
transaction authentication numbers sent to users by banks to authenticate
online banking transactions.
"The banking industry needs to be doing more," said Alex Cox,
principal analyst for NetWitness. "In the past, online fraud losses were
looked at as a cost of doing business as long as they didn't exceed whatever
the expected loss percentage was, and U.S.-based banks have historically lagged
behind European banks as far as online banking safeguards go, too."
Cox recommended that banks develop a threat intelligence strategy that
actively tracks criminal elements known to attack their line of business,
either via in-house or third-party intelligence services, and educate customers
as to common risk factors associated with Zeus. Multifactor authentication can
also help, he added.
"The popularity and power of Zeus is that it offers a very low barrier
to entry, with a high possibility of return," Cox said. "As such, the
use of Zeus is prolific to the point that we see it in the vast majority of
organizations who call us in to assess them-either via infected hosts inside
the corporate network, or being used to commit fraud via the business online
portals. Infection mechanisms in [the recent arrests] were likely a
combination of exploits, phishing and second-stage malware payload. This works
so there is no need to change it or do anything different."