Win32 Virus Removal

Credit Eligible As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

Removal Tool Aimed at Stopping Trojan's Spread

October 18, 2010 - Linda McGlasson, Managing Editor

Two weeks after authorities on two continents arrested cyber criminals linked to the Zeus malware, Microsoft has added the infamous Trojan's signature to one of its best removal tools in an effort to hunt down infected machines.

On Oct. 12, Microsoft began detecting Zeus with its Malicious Software Removal Tool, which is a widely used virus removal program that is free for Windows users.

This move will make it more difficult for cyber criminals who are relying on Zeus to collect data to keep running their software on computers that do not have antivirus software installed. Security experts see this move as a positive, as MSRT effectively stopped the Waledac botnet last month. Microsoft says in a blog that the malware, while technically sophisticated, is easy for hackers to deploy with automated toolkits.

About Zeus

The Zeus Trojan, also known as "Zbot," comes equipped with malware aimed at stealing online banking credentials and accessing bank accounts to transfer money. In the last three years, Zbot has become famous as the root cause of corporate account takeovers of businesses, churches, municipal governments and public school districts, stealing millions from their accounts.

How it works: When installed on a victim's computer, Zbot creates a backdoor that enables access to the computer's operating system, and also disables certain security software.

Zbot effectively turns the infected computer into a bot that spreads Zeus to other computers through various attacks, including spam, drive-by-downloads and other malware.

Microsoft said in a blog post that while the banking malware is technically sophisticated, the distribution method is easy for hackers to deploy with automated toolkits.

New, Improved Malware

Even with the addition of Zeus to MSRT's list, don't expect the flow and variants of malware to stop immediately, say experts.

"There are lots of malware writers out there, and they saw the main Zeus author earn about $15 million in commissions from Zeus license rights," says Avivah Litan, a security expert at Gartner. She says the malware writers figure it's easy money for them too and are coming up with better, more improved malware versions.

There are also attacks that redirect all user traffic to their bank through the fraudsters' proxy servers. Litan says security professionals won't see an end any time soon to innovation in malware and attack methods going after ACH and wire transfers.