Trusteer, a security company, reports that Zeus is the number 1 botnet with over 3.6 million pc’s infected and that is only in America. Now that is a scary figure.
What is a botnet and what does Zeus do?
Botnet is a term for a collection of softyware agents or robots that run autonomously and automatically. A bot typically runs hidden and uses a covert channel to communicate with its C&C server. Generally, the perpetrator of the botnet has compromised a series of systems using various tools. Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community
See the Wikipedia definition
Zeus steals you information like back details and other usernames and passwords and reports them back to someone who can then sell this information onto criminals. The BIG problems with zeus is even if you have a good anti virus program and keep it up to date it only reduces your chances of being infected by 23%. It spreads by email and by downloading or activating activ-x controls on infected websites.
Another security company called Prevx said in their blog that only a few computers are infected by each variant of this virus to help prevent it from being detected and by the time it is detected it usually has done it’s job.
If you want to search for it Prevx also says what to look out for, although these name may have changed
The ZEUS trojan will commonly use names like NTOS.EXE, LD08.EXE, LD12.EXE,PP06.EXE, PP08.EXE, LDnn.EXE and PPnn.EXE etc, so search your PCs for files with names like this. The ZEUS Trojan will typically be between 40KBytes and 150Kbytes in size.
Also look for a folder with the name WSNPOEM, this is also a common sign of infection for the ZEUS Trojan.
Finally, check the Registry lloking for RUN keys referencing any of these names.
According to the BBC news the latest version 1.6 can only infect people using Internet Explorer or Firefox but I would be careful no matter which browser you are using
The guardian has also reported that two people were held over this virus but is continues to be a major problem today so please watch out and search for the above.
3 Responses to “Zeus botnet virus, are you infected”
Leave a Reply
great post as usual!
Pretty nice post. I just stumbled upon your blog and wanted to say that I have really enjoyed browsing your blog posts. In any case I’ll be subscribing to your feed and I hope you write again soon!
My cousin recommended this blog and she was totally right keep up the fantastic work!