'ZEUS' - A Trojan

priyanshuit's picture

Zeus is a Trojan horse that steals banking information by keystroke logging.
Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.
Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.

Zeus' current botnet is estimated to include millions of compromised computers (around 3.6 million in the United States). As of October 28, 2009 Zeus has sent out over 1.5 million phishing messages on Facebook. On November 3, 2009 a British couple were arrested for allegedly using Zeus to steal personal data.[4] From November 14–15 in 2009 Zeus spread via e-mails purporting to be from Verizon Wireless. A total of nine million of these phishing e-mails were sent.

It is still active in 2010. On July 14, 2010, security firm Trusteer filed a report which says that the credit cards of more than 15 unnamed US banks have been compromised. A recent outbreak is being called Kneber.

On 1 October 2010, FBI announced it had discovered a major international cyber crime network which had used Zeus to hack into US computers and steal around $70m. More than 90 suspected members of the ring were arrested in the US, and arrests were also made in UK and Ukraine.

The Zeus Trojan controlled machines are in 196 countries. The five countries with the most significant instances of infected machines are Egypt, the United States, Mexico, Saudi Arabia, and Turkey.

The Zeus botnet only targets Windows machines, and computers running Windows XP Professional SP2 make up the majority of the botnet. Kneber is primarily found on machines in corporate and government infrastructures, but home users can be affected as well.

The Zeus botnet is targeting login credentials for online social networks, e-mail accounts and online financial services. The top sites with stolen login credentials, according to Netwitness' report are Facebook, Yahoo, Hi5, Metroflog, Sonico and Netlog. While the focus has been on e-mail and social networks, Kneber is now targeting banking sites as well.

This Trojan was become a Media's new topic:
21-year-old Russian Kristina Svechinskaya is already known as the next Anna Chapman. The girl was among four New York students who are accused of stealing at least $3 million from US accounts and another $9.5 million from UK bank accounts. The group used Zeus Trojan, which when clicked on in an attached email would monitor people’s computer activity and steal their user names and passwords. Kristina Svechinskaya was a "money mule", whose alleged role in the scheme was to open accounts in which to deposit the stolen funds.


Post new comment

The content of this field is kept private and will not be shown publicly.
14 + 6 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture


Last Name


Website / Blog

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in


Recent comments