ZeuS Trojan reinvents itself as bots rock on

By Woody Leonhard One of the most pernicious forms of malware ever written, ZeuS has taken a more sinister turn, despite a highly publicized, worldwide series of arrests — and the self-announced retirement of its creator. ZeuS is not just a bit of malicious code; using multilevel marketing and quick-change attack strategies, it’s a malware system and possibly the most pervasive threat on the Net.

Also known as Trojan.Zbot, ZeuS is better described as a group of related Trojans that infect in a multitude of ways. ZeuS runs below the radar as rootkits on subverted machines, where it gathers account numbers and passwords like daisies in May and sends them off to data-dump dropzones all over the Web.

In some ways, ZeuS uses old-hat, stock-in-trade Trojan behavior; but in other devilish ways it’s unique — and it’s changing.

For sale: the ZeuS rootkit malware kit

It’s best to think of ZeuS as a franchise operation — would-be malware mavens buy a ZeuS franchise. Franchisees receive a rootkit kit (no kidding!), a package of software that makes it click-click-click easy to create a custom infection routine. Many kinds of routines, in fact: some ZeuS infections spread in spam, some take advantage of zero-day holes in Windows, others come along for the ride with infected, downloaded programs.

Rogue anti-malware is a favorite form of attack; it spreads rapidly across company networks, hitches rides on USB drives, or is injected through drive-by attacks on browsers.

Related posts:

1. Are security programs up to the task?
2. The best free anti-trojan scanner
3. Microsoft sounds rootkit trojan alarm
4. Don’t be a victim of Sinowal, the super-Trojan
5. Trojan Hunter V4.5 now available