The Register® — Biting the hand that feeds IT


World's nastiest trojan fools AV software

Pounces on banking passwords


One of the world's nastiest password-stealing trojans evades detection on the majority of PCs running anti-virus programs, according to a study that examined 10,000 machines.

Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of the time by AV programs, according to the study (PDF) released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said.

Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC's browser process.

A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer's study, which found Zeus accounted for 44 per cent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs.

Of Zeus-infected machines, about 31 per cent don't run AV at all and 14 per cent run AV that's out of date. The remaining 55 per cent had AV programs that were up to date. ®


@The original Steve

"Your a moron."

Thanks, that sets the tone for the rest of the response.

"This isn't some sort of Windows security hole. It's software that's been installed / ran by a user (and if it uses a root-kit they'll need admin rights) that does what the developer intended."

On a platform that defaults to allow such kind of software to run with admin rights because users default to admin rights, perhaps?

"Your telling me Linux prevents that?! If so I'm glad I don't develop for it."

It does not completely prevent it, just makes it more difficult. Nothing can ensure peace of mind, but there are ways to minimize it. Windows has to deal with a lot of badly written software that simply does not know how to run without admin rights, even if it is perfectly possible. What I cannot understand is the second sentence: are you glad developing for a platform that allows users to do stupid things?

"Number of major flaws on OSS recently only backs up the theory that malware is targeted for the biggest audience rather than the weakest platform - which would be any platform with the largest number of users who happily install any old crap that comes on a email."

Whatever the reason, you seem to have reliable data on the number of OSS flaws versus other platforms, care to share that evidence? I'll share my evidence. Number of security outbreaks, infections, or any other kind of attacks in 2 Linux home boxes in 8 years: zero. Without running any kind of antivirus or similar security tools. Just the home router firewall, thanks. 8 years without devoting a second of my time, a cycle of my CPU or a byte on my hard disk to protecting me from something that should not be so easy to happen in the first place.

Whatever the reason, fact is, Linux is more secure. I don't care if it is because not popular or because is more secure or probably because both things at the same time. The plain fact is that Linux is more secure.

I'm ready to admit that if you configure Windows properly you can achieve similar levels of security. But that will be at the cost of some software not working properly, some of your machine resources devoted to that, plus the time you need to spend doing it. And yet after all that you'll not be free from things like SMB exploits happening.

"P.S. Now installing Windows 7 on a VM. 15 minutes total install time."

Mmmmm.... interesting, you really should post a YouTube video of your VM W7 install, I'm sure the world will be shocked to know that you can install in that short time. Again, care to provide proof?

"Better than Linux? Not really. 6 Hours? Get a watch."

No, not really, I was making that number up. Make it 30 mins for the base OS, another 30 mins for Office and 2 and a half hours of applying service packs, patches and rebooting. Only 3 and a half hours, tops.

Ubuntu comes alive in 45 minutes, patches included, with office productivity, mail client, etc., already installed.

Oh, perhaps in your world where everybody who does not think like you is a moron time runs differently. But thanks to you and people with your mindset, Windows will always keep a big market share and the rest of the world will be safe. Please keep using Windows, Linux does not need users like you.


Simple solution

Don't bank online.

Anonymous Coward

AV is shite

There are very few AV products that protect users against trojans or keyloggers. But then what do you expect from an industry that can't protect against anything it doesn't already know about. The thing that surprises me is why Symantec et al. haven't been sued yet for false advertising. None of them do as they claim, often as not they are beaten by the incredibly advanced malware technique of renaming the virus or trojan to something not on a list of names of viruses and trojans. Given the wild and unrealistic claims on the boxes of these products, if there was ever something that deserved to be forcibly taken off the market for false advertising, antivirus software would be it.

I've only found one application that actively guards against malware, i.e. prevents an attack as it happens and doesn't require a hard disk scan to do it. It also finds and removes trojans that most antivirus products won't detect or can't clean from your system. While far from perfect at least it tries to protect the user from themselves in real time, which is more than any other product does, but then PC Tools were always a step above most other software houses.

