Authorities in the United States, along with law enforcement partners around the world, issued indictments and swooped down to arrest dozens in connection with a malware scam used to steal millions of dollars from victims’ bank accounts. The charges against the Zeus botnet operation show just how pervasive the malware threat is, and how lucrative it can be for cyber criminals.
Zeus is not new. Zeus is also not a single threat. Zeus was developed as a crimeware toolkit for wannabe cyber criminals who lack the development skills to create their own attacks from scratch. The software was created, distributed, maintained, and updated as a commercial software application costing as much as $1500 before a free version eventually became publicly available.
“The Zeus botnet has been in the wild since 2007 and is among the top botnets active today,” said Chintan Shah of McAfee Labs in a recent blog post. “This bot has an amazing and rarely observed means of stealing personal information–by infecting users’ computers and capturing all the information entered on banking site. Apart from stealing passwords, this bot has a variety of methods implemented for stealing identities and controlling victims’ computers.”
The operation busted by these charges and arrests is allegedly responsible for stealing more than $12.5 million from victims’ bank accounts. Malicious e-mails were targeted at individuals responsible for banking and financial matters at small businesses, churches, and other organizations.
Once a system is compromised by Zeus, the malware sits in the background silently watching and waiting. When a banking site is accessed, the Zeus malware is able to gain access as well and initiate a transfer of funds to bank accounts set up by “mules” for the malware operation. The mules then withdraw the funds and wire them overseas to the gang leaders–after taking a ten percent cut for their effort.
“What makes this Zeus different is that it was developed, maintained and supported like software,” said Dave Marcus, director of security research and communications at McAfee Labs. “The arrests and charges today are some of the distributors of the toolkit, not the software creator. The actual mastermind behind Zeus is still at large, so these arrests do not mean an end to the Zeus problem.”
Actually, it’s an even bigger threat than that. As Marcus points out, these arrests are a drop in the bucket for the pervasive Zeus threat. Unfortunately, Zeus is also not the only Trojan or botnet out there seeking to surreptitiously part victims from their cash.
As long as there is money, there will be those with lower moral and ethical standards willing to take it rather than earn it. Malware makes theft even easier, enabling attackers to steal both remotely and anonymously. Users need to have antimalware protection, but–even more important than that–they need a healthy dose of cautious skepticism about suspicious e-mails, and a generous portion of common sense.