Also known as Zbot, Zeus is a malware toolkit that steals the banking information of unsuspecting end-users. The Trojan horse uses browser keystroke logging and form filling to gather the information. The program was introduced in 2007, and its source code was distributed to the public domain. This made it possible for hackers around the world to modify the code to suit their requirements. Many financial institutions and individuals have been victims of the catastrophic effects of the software. It is estimated that over 3.6 million personal computers in the United States are infected by the virus. The distribution of the code makes new versions of the software available. This has made it impossible for security companies to deal with the virus, as it keeps on morphing. The ease of distribution of the software makes it possible for cybercriminals to purchase it on the black market and carry out their activities. According to a report generated by SecureWorks in 2010, a basic package of the program starts from $3000. Additional modules are, however, costly, summing up to $10000. These modules are designed to perform specific tasks tailored to the specifications of the user.
Once a computer is attacked by a Zeus program, the owner is mainly unaware, since the program may have been downloaded and installed without the user’s consent. The computer is then recruited to be a part of a botnet. This means that it is remotely communicating with other computers running the same program. All this happens without the knowledge of the user, while the hacker controls the machines from a central point. The information gathered by the program is submitted directly to the hacker, who manipulates it and uses it for identity theft. There are various reasons that make Zeus a success as a program. First, the program hides from leading antivirus programs. According to the Trusteer Security Company, a computer running an up-to-date antivirus reduces the chances of infection by only 23 percent, as opposed to a machine that is not protected. This indicates the rampant spread of the virus. Second, since the program runs in the background without the knowledge of the users, they are manipulated into thinking that their finances are safe. It ensures that the user is shown an updated amount in the bank account, which one realizes is not true only when it is too late. Finally, since the program is not static but changes dynamically with time, any attempts to stop it are rendered futile.
Just as the word malware suggests, Zeus gains access to a computer or network without authorization. It is a Trojan horse that may come in the form of a game, an email attachment or even a security application. Users may install it on their computers, and it starts running in the background, ready to gather information when the user goes online. Once the program launches, it gives the hacker remote access to the computer. Consequently, it may start recording all the keystrokes on the computer’s keyboard with the aim of detecting usernames and passwords. Since the program uses the “drive-by download”, many users are not aware of the presence of the program in their operating systems. Targeting many users is the key aim of the hacker. The software is distributed through spam mail or even strategically placed on social sites such as Facebook. Once users visit the site, they fall victim to the virus as it downloads onto their hard drive while they continue with their online business. This is done without the knowledge and consent of the user. The portability of the program makes it easy to run on different Windows operating systems. The program is not bulky, and therefore it installs at lightning speed where the Internet is reliable. The majority of users are unaware of its presence on their machines.
After its creation, the Zeus code was openly distributed to the general public. It gave programmers and hackers a building block to tailor the code to meet their specifications. It is for this reason that different versions of the software are released daily. Hackers have the advantage of releasing a few versions of a certain flavor to test the reaction of security companies. Before the company figures out how to deal with the code, they release the real thing that does what they want. Since the program is tailored to capture any form filling and report the result to the hacker, it waits for the users to visit the site a number of times to ensure that the information they enter is correct. After this, the program reports the information to the hacker, who has remote access to the machine. The hacker uses this information to carry out online transactions on behalf of the user. Mainly, the hacker will make electronic transfers from the victim’s account via shell accounts to avoid detection. The money may be routed through various accounts to make tracing impossible. During the transaction period, the user may not suspect anything, since the accounts seem to be up to date and the money safe. Windows operating system users are the main victims of the virus. It has been attested that this software fails on Mac operating systems and Linux. However, a recent report released by Kaspersky Security Company was disconcerting to mobile users. The company said it had discovered versions of the malware for the Android and Blackberry mobile operating systems. This clearly indicates that mobile banking is not safe.
Zeus is a threat to the banking industry, small businesses, as well as individual finances. Small businesses are at a disadvantage compared with consumers when it comes to waging a war against Zeus. If one unknowingly installs Zeus and then accesses their online bank account, they may be held liable if they are dealing with a small bank account. This may as well lead to account depletion, with responsibility shouldered by the victim. On the other hand, major banks reimburse consumer losses arising from online attacks. According to iTwire, the Nordea bank lost $1.14 million in an online fraud (iTwire, 2007). Other financial institutions such as Heartland Payment Systems have fallen victim to the malware breach, losing $12.6 million in 2009. The cry of financial institutions and individuals continues as new versions of the software are released daily. These are just the tip of the iceberg, as many firms fear coming out into the open in order to retain their users. A post in the CNET news reveals that “ATM malware in Europe gives criminals the ability to steal data and cash.” (CNET news, 2009). With the spread of Internet access, malware has been the primary organized vehicle for cyber crime. According to the web security statistics of 2009, there was a 71% increase in cyber malware crime as compared to 2007. All of this was Zeus based and geared towards financial gain and making profit. The high growth and spread of the malware has not been restricted to the United States alone. In the UK, for example, the losses from online banking fraud were reported to reach a total of 14% in 2009. This corresponded to a £59.7 million loss. This has been attributed to over 5000 variants exhibited by Zeus software. Since its inception in 2007, it is estimated that the malware has caused a minimum of $100 million in losses to online bankers and financial institutions. This, however, covers only the reported crime statistics. The amount is thought to be higher since no governmental institution has reported cases of fraud. The fear continues to rise as new variants of the software are continually discovered in the European countries. These new versions of the software are developed to target consumer banks.
The scale of infection is considerably high in the United States and the European countries. However, the increase in technological innovation has seen the third world countries in Africa, Asia and the Middle East fall victim to the virus. The increase in online gaming and transactions is a new avenue being targeted by hackers in these countries. Recent research has discovered a botnet termed Kneber. The news from a US-based security company indicated that over 2500 organizations in 196 countries have been affected by the virus and are a part of the Kneber network. In the United States alone, it is estimated that 88% of the top Fortune 500 companies have their systems affected by this software. As of 2009, Zeus had sent over 1.5 million phishing messages on Facebook. It is during the same period that the virus was distributed via email purporting to be from Verizon. Microsoft, the developer of the Windows operating system, assures users that it is currently developing an operating system that will curb the problem. The introduction of the Windows 8 platform is meant to reduce the chance of Windows users being affected. The company also assures the users that the platform will be open ended and encourages them to upgrade. However, since running Zeus from any location is possible, malicious users host their sites with Russian and Chinese service providers, since they offer well-developed services. The program targets 11 international domains, of which 8 are banks offering online banking to their clients, while the rest are commercial Internet providers.
The analysis above shows the increasing negative impact caused by Zeus. Any user should be vigilant when carrying out online transactions. The financial impact of the software is huge, with most companies suffering huge losses. The transfer of huge sums of money over the wire should be done with caution, as the sockets built into this program have the ability to listen to this information and report it back to the user. There is also increased damage to goodwill. In recent months, many individuals have been going after their banks in an attempt to recover their losses. In Illinois, for example, a couple lost $26,500 and the law gave them the go-ahead to sue their bank (Financial Bank). This was allegedly done because of the failure of the bank to implement the latest security measures designed to protect its users against such compromises. Currently, banks and financial institutions are under no obligation to reimburse their customers for any financial losses that may arise from malware. Such incidents, when they occur, may reduce the credibility of the financial institution in the eyes of the public. This leads to bad publicity for the firm, as well as huge losses, as customers may opt to withdraw and seek services elsewhere. Since trust is fundamental to the growth of any financial organization, incidents arising from malware usage lead to decreased growth of the firm in favor of its competitors.
From my own point of view, the best way to be safe is for the end-user or company to use an open source operating system like Linux, since Zeus malware has a way of fooling users and running in the background without their knowledge or consent. On the other hand, since mobile operating systems are also victims of the malware, it is essential to avoid carrying out mobile financial transactions. One should also consider using different usernames and passwords for different sites. When this is done, one reduces the chances of falling victim to the malware.
In conclusion, it can be said that Zeus has earned the reputation of the most dangerous malware that threatens the banking industry. This is because of the indefinite number of toolkits available. The program also possesses certain features which make it difficult for security companies to exploit. The ease of use of the program and its ready availability make it ideal for any hacker to steal online banking and credential information. Online cyber criminals are tailoring the program and using it to steal people’s identities.