Zeus Malware

The twenty-first century is an era of new technologies and cyber programs which simplify the life of people and make many routine tasks easier. Today, an average Internet user is able to perform various tasks using his/her personal computer. For instance, the user may pay for his/her bills online, make purchases at online shops, book tickets, check his/her bank account, and so on. These new opportunities seem to be very comfortable and useful for people because they save time and do not require additional actions. However, the implementation of cyber technologies has also a negative impact, such as the appearing of hackers and computer viruses. The role of these viruses is to receive an access to a user’s computer and use the information for personal needs. Some viruses cause some damage to the computer, while others provide the total control over a machine. One of such computer viruses is Zeus, which is also known as Zbot.

Zeus

The main advantage of this program is that a hacker is able to build his/her own Trojan horse. In the black market, this malware costs from 3,000 dollars up to 10,000 dollars according to the specific function that one requires (Greene, 2010). Hackers use this program to receive some access to a user’s bank account. Zeus malware gives an opportunity for a cybercriminal to create the additional forms on a browser level. In other words, the user will see a legitimate website, but he/she might be asked to fill some additional form for some security purpose. In this way, a cybercriminal receives the personal information about the user, including login, password, number of credit cards, and whatever he/she needs. A victim does not realize that it is the malware. The reason is that he/she has visited a legitimate website. As a result, the consequences of Zeus might be detected only when the user notices that he/she has lost money on his/her bank account.

According to this fact, Zeus Malware is considered to be one of dangerous viruses in the cyber space. This malware is very difficult to detect even if one uses the latest updates. Hence, one should obey certain precaution measures in order to minimize a possibility of Zeus’ infection. This paper will introduce the main characteristics of Zeus Malware, how this virus works, what outcomes it may bring, and what one should do to protect his/her system as well as prevent the infection with this malware.

Functionality

As it has been mentioned above, this Trojan was designed to steal the confidential information. The advantage of this Trojan comparing to others is that attackers may update it in order to receive other private information. For instance, during the first attack, the Trojan was used to target the system information and receive an access to a machine. However, when the first attack is made, a cybercriminal is able to modify the Trojan. The malware will be able to gather any sort of information, such as online credentials, banking details, and others.

The necessary information may be gathered using various methods and tools. For instance, a criminal may set a function to gather automatically any information from Internet browsers, FTP or POP3 passwords. Nevertheless, the most effective method of gathering information about a victim is monitoring his/her activity on web sites. Criminals create the additional fields on web pages in order to receive the private information. Thus, the victim does not notice that something is wrong.

Besides, monitoring and gathering information, the Trojan is able to perform additional functions, such as contacting a command-and-control server. Due to this possibility, a cybercriminal receives an opportunity to download files on a computer. An attacker may also reboot the computer or shutdown it at any moment. Moreover, a hacker may delete system files on a computer or make it unavailable for the user. For instance, a criminal may set a password on the computer or limit an access to it by other users. In this case, the computer becomes a part of botnet, which is also known as a zombie army. Botnet is a number of computers which are used without their owners’ awareness in order to set up viruses, send spam or viruses. Hence, the computer becomes absolutely controlled by a hacker in order to perform other cybercrimes.

Financial Damage

The security company Trusteer states that Zeus Malware was detected in 44 percent of all banking losses and frauds. In many cases, the clients of these banks lost their money. The reason is that the money transfer from their accounts was performed without informing them. Nevertheless, the clients’ accounts are not the only goal of cybercriminals who use Zeus. Many companies suffer from this virus and experience a financial loss. For instance, Little & King LLC, a small company in New York, lost 164,000 dollars in 2010 (Caglayan, Toothaker, Drapeau, Burke, & Eaton, 2012). One of the company’s computers was infected with Zeus. As a result, a criminal could receive an access to other machines using the organization’s net and steal the money. For such a company as Little & King LLC, the loss of 164,000 dollars is a serious financial damage (Caglayan et al., 2012). The organization could not overcome this challenge and soon announced about its bankruptcy. The similar situation happened to Smile Zone, a dental clinic in Missouri. This time, the criminal stole more than 200,000 dollars, using a victim’s computer for transferring operations (Neroth, Sharpe, Edwards, & Dennis, 2012).

In the majority of cases, the banks are able to reverse fraudulent transfers or at least return the part of lost money. However, they should act very quickly because the chances to do it successfully decrease within 24 hours after the operation has been completed. In March 2010, the insurance company Port Austin based in Michigan lost nearly 150,000 dollars because of the Zeus Malware attack. However, its bank could return more than half of the stolen money (Piatti, 2012). Eskola LLC, a roofing firm in Virginia, lost almost 130,000 dollars in 2010. Its bank could return 100,000 dollars (Piatti, 2012). Another victim of Zeus attack became Orange Family Physicians in Virginia. In this case, the company lost 46,000 dollars. However, the bank could reverse only 6,000 dollars (Piatti, 2012).

These examples do not illustrate a full picture about the Zeus attack consequences. The majority of businesses prefer not to inform about their financial loss. The reason is that it may have a negative impact on their reputation and loss of clients’ loyalty. However, the individuals who became the victims of Malware attack begin suiting their banks and demanding to return the lost money. For instance, in Illinois, the client suited his bank due to the bank’s weak security system. He/she lost 26,000 dollars (Neroth et al., 2012). The results of this case are still unavailable.

The US banks do not have a legal obligation to reimburse the customers’ loss in a result of malware attack. This policy does not lead to the improvement of banks’ wellbeing or reputation. Moreover, clients who have become the victims of malware attack prefer to change their bank even if the bank can return their money. Malware attacks and the loss of clients’ money is one of fundamental problems, which banks face today. These incidents decrease the level of trust to banks and online banking channels. As a result, it leads to the decreasing of banks’ profit and declining a general level of trustworthiness to online operations.

Scale of Infection

The total scale of Zeus Malware is difficult to estimate. However, researchers say that there are about 3.6 million computers infected with this virus in the United States (Caglayan et al., 2012). According to the statistic provided in 2010, there were 500 companies affected by Zeus. The security company NetWitness informs that about 2,500 organizations became the victims of Zeus attacks worldwide (Osborne, 2014). In 2010, there was detected a botnet called Kneber which numbered over 75,000 computers in 198 countries affected by this malware (Osborne, 2014).

Almost 2 million of phishing messages were sent in social networks, such as Facebook and Twitter. Microsoft Malware Protection Center informs that the number of malware attacks has increased since 2009 almost twice. The majority of attack are performed from Europe, i.e. 24%, China – 22%, the USA – 18 %, Russia- 16 %, Ukraine – 7 %, and the attack from other countries compose 13 % (Caglayan et al., 2012).

The 11 international domains targeted by Zeus are bank online services (8 domains) and commercial Internet services (3 domains) (Osborne, 2014). As one can see, the primary goal of Zeus Malware is banks that provide Internet services to its clients. The cyber criminals use the netbot of computers located worldwide to commit their crimes. Hence, a hacker might be located in Europe using the Chinese computer to steal money from the US bank. According to this fact, the detection of the criminal’s identity is a challengeable task, which is often impossible.

Protection and Prevention

The survey conducted by Trsuteer shows that Zeus is a more dangerous virus comparing to other malwares. Even if the system is protected with a modern antivirus program, there is 55% possibility that Zeus could infect a computer (Osborne, 2014). The up-to-date computer antivirus programs are effective only against ordinary malwares. Thus, they are able to block Zeus attack only in 23 percent of cases (Piatti, 2012). Nevertheless, obeying certain rules may decrease a probability of being infected with Zeus Malware. Some of recommendations provided below are well-known actions that Internet users should obey in order to protect its computer from viruses. However, many people still forget to follow them.

One of the simplest and most common rules which are also applicable to Zeus is to filter one’s actions. One should avoid vesting potentially dangerous websites which offer to download free software, illegal materials or materials for adults. The owners of these websites may allow cybercriminals to host their software and add malware to download programs or materials. Sometimes, hackers create such website which contains lots of free illegal programs in order to attract users. A victim downloads software. He/she does not realize that it already contains Zeus. Hence, the first rule is to avoid downloading of free illegal materials and visiting websites that contain this software.

The Internet user should also be careful visiting social media networks. One should not click links provided in messages that one does not expect to receive. In addition, one should remember that even a link from trustworthy sources may be infected with Zeus, if this source was attacked by Zeus. Hence, the second advice is to avoid spam messages and never follow links in these emails.

When one uses the Internet for financial goals, he/she should take into account two factors. First, website should send a confirmation code on a mobile phone to confirm a login. Second, Zeus may also infect mobile devices today. Thus, one should not send the confirmation code without a necessity, only when he/she makes some operations.

Another solution to protect one’s computer from Zeus is to provide the modern antivirus updates. As it has been mentioned above, even the most effective antivirus programs guarantee only 45 percent of safety against Zeus. However, this measure might be used as a preventive feature. Antivirus programs inform the user about websites that might be dangerous and automatically block the access to them. In addition, antiviruses alert about Trojans during downloads and stop this process. They also automatically remove such viruses from the machine and provide the regular system checkup.

Choosing a good antivirus program is an important step. Today, there exist a lot of antivirus programs which offer the free premiums. However, one should choose only those which are leaders in this industry. Zeus Malware constantly makes the updates to become more effective against antivirus programs. Thus, it is necessary to have antivirus which could provide the modern updates on one’s machine. If one ignores this fact, in a few years, his/her antivirus program will not be able to cope with viruses, including Zeus and other Trojans.

Today Trojan is considered to be a threat number one in cyberspace. This Trojan has made a significant breakthrough during the last years. In fact, few years ago, it was not as dangerous as today. It was one of the plenty of Trojans that exist in the global network. However, now it has become a real threat to people’s financial wellbeing and continue improving in order to bring more damage to individuals, organizations, and companies.

Conclusion

Zeus Malware is considered to be one of the most dangerous computer viruses today. Hackers use this malware to make different crimes in cyberspace in order to receive personal information about users and use it to get an access to their financial operations. As a rule, Zeus is very difficult to determine. It is almost unsearchable for the majority of modern antivirus programs. Even the latest updates of the most effective antivirus programs cannot guarantee at least 50 percent of protection from Zeus. Cyber criminals also use Zeus to capture the entire control over the victim’s machine and create the botnet. The army of zombie computers is used by hackers to make criminals from any corner of the world with a help of the victim’s computer. Sometimes, criminals infect one machine by Zeus in an organization and use it to spread the virus among others. As a result, the entire net of the particular organization becomes infected with Zeus.

Criminals use Zeus to receive the access to people’s banking accounts, perform some financial operations within organizations and companies, and execute other frauds connecting with receiving significant sums of money. Today, banks do not have a legal obligation to return money to clients who have become the victims of such frauds. However, in fact, it is their mistake because they could not guarantee the safety of their system. Nevertheless, if the fraud is identified within 24 hours, there is a great possibility to return at least some part of the stolen money or even all.

The experts offer to follow some simple rules in order to minimize the possibility of infected one’s machine with Zeus Malware. First, it is necessary to avoid visiting websites with doubtful reputation. For instance, those websites offer to download some free illegal software. Second, it never responds to spam and follow the links mentioned in such messages. Finally, thirdly, it is to install the legal and regularly-updated antivirus program which will detect viruses and deleted them from one’s machine. The obeying of these simple rules will help to avoid the infection with viruses and prevent unpredictable damage to computer and financial loss as a result of the cyber criminals’ attack.