Like its Greek god namesake, the Trojan malware Zeus is powerful and virile. Since it first surfaced in July 2007 in an attack on the U.S. Department of Transportation, Zeus, aka Zbot, and its variants have wreaked havoc on the financial services industry.
If you’ve ever been tricked by an legitimate-looking email asking you to download a payment confirmation, e-fax or delivery notification, you may have been zapped by Zeus. Instead of attachments, these emails contain links to ZIP files containing the virus in an executable file. Zeus’ other form of transmission is the “drive-by download,” when an unsuspecting user happens upon a website hacked with malicious code.
Zeus’ nasty powers
Zeus has two nasty powers: One, it creates a botnet, or a network of corrupt computers remotely controlled by a command-and-control server. Two, it uses keylogging to steal financial usernames and passwords. Initially, Zeus only affected Windows machines, but in the 11 years since the malware’s debut, mobile versions have appeared that infect Symbian, Blackberry, and Android devices.
Although Zeus itself has slowed down, new variants continue to emerge, including Terdot, which expands upon Zeus’ interest in banking information by stealing social media and webmail passwords. Variants have appeared ever since Zeus’ creator made the malware’s code open-source in 2011.
And just who created Zeus? Well, the FBI is offering a reward of up to $3 million for information leading to the arrest and/or conviction of one Evgeniy Mikhailovich Bogachev, last known to reside in Anapa, Russia. He enjoys boating along the Black Sea, playing with cats and draining bank accounts.
Photo: Dimitrios /Shutterstock.