Mixed News on Zeus

Zeus is a major player in the way we have to approach risk management and security solutions.

By Sue Poremba | Posted Oct 14, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

It seems like hardly a day goes by without some news about the Zeus Trojan. Mostly the news is pretty bad, but every so often there is a glimmer of hope. Like the news stories I've seen over the past couple of days.

In negative Zeus news, F-Secure found a new variant of Zeus that is targeting mobile banking. According to an F-Secure blog post:

There's an interesting Windows+mobile case today involving a ZeuS variant that steals mTANs, using a Symbian (.sis) or Blackberry (.jad) component.

An mTAN is a mobile transaction authentication number, sent via SMS, and is used by some banks as a form of single use one-time password to authorize an online financial transaction. The SMS message may also include transaction data that allows you to ensure that nothing has been modified (via a Man-in-the-Browser attack).

In positive Zeus news, writer Spencer Dalziel reported that criminals are beginning to move away from Zeus. (Unfortunately, they are just moving to another botnet, Bugat.)

More positive news is Microsoft has (finally) developed a removal tool for the Zeus Trojan, although InfoWorld chastises Microsoft for taking two years to do so.

I feel like I write about Zeus a lot, but that's because Zeus is a major player in the way we have to approach risk management and security solutions. Trust me, I can't wait for the day when I can write, "Zeus finally appears to be dormant." Until then, I'll stay updated on the latest Zeus brings us.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter