Banking Trojans Like the Mighty Zeus Are More Dangerous Than Most Computer Viruses

Over the years, we’ve seen malware with interesting names. For example, Ryuk ransomware is named after a deathly Shinigami from the Japanese animation DeathNote, while Petya ransomware is named after a weaponized satellite from the James Bond film GoldenEye. But when it comes to Trojans, ZeuS lies on the top of the list of dangerous malware with curious names.

What made ZeuS so dangerous?

ZeuS was fittingly named after a God from Greek mythology because the term “Trojan” also comes from Greek literature. It’s also fitting because the banking Trojanwas almost godlike compared to other malware:

• It used multiple attack vectors like phishing, spam, and drive-by downloads.
• ZeuS quickly stole banking and other financial information from web browsers.
• The data was sent to a command & control (C&C) server that was challenging to trace.
• ZeuS turned infected systems into bots for a botnet.
• There are over 500 versions of ZeuS, with various capabilities.
• The developers of ZeuS were protective of their software and organized.
• Some variants of the Trojan could also attack mobile devices like Android, Symbian, Blackberry.
• The banking Trojan stole data in multiple ways, including screenshots, keyloggers, and more.
• ZeuS employed web-borne exploits.
• Millions of victims never realizedZeuS had stolen their files because of the sneaky nature of the malware.

What happened to Zeus?

ZeuS began to lose steam after the original creator of the code moved on, and the FBI arrested its new authors, Aleksander “Harderman” Panin and Hamza Bendelladj. Both Panin and Bendelladj were apparently behind the SpyEye Trojan, which was a notorious information stealer. The duo merged the two pieces of malware to create a more threatening hybrid.

Zeus is Dead. Long live Zeus.

Just because ZeuS’ original creator sold the Trojan and the new owner was arrested, doesn’t mean that the malware is entirely dead. Someone leaked the source code for ZeuS in 2011, and other groups began offering ZeuS botnets on a pay-as-you-use business model. Additionally, certain threat actors started using ZeuS code to create some of the following variants:

• Citadel
• Panda Banker
• Floki
• Sphinx
• Terdot
• GameOver

Sadly, no one thought to pick names like Apollo, Artemis, or Athena for ZeuS’ variants. Some reports also suggest that the original creator of ZeuS didn’t quit. Instead, they went underground to develop a more private and robust version of the Trojan.

Virus vs. Trojan

While many people call it the ZeuS virus — it’s not a computer virus; it’s a type of malware called a Trojan horse. The word “virus” has become a catchall term for any malicious software when the correct term is “malware.” So, what’s the difference between a virus and a Trojan?

Well, viruses are a class of malware that can destroy your data and spread by corrupting files. Trojans are a separate class of malware that use deception to enter a system and can have different capabilities. For example, ThiefQuest was a fake Mac video gameTrojan hid spyware and ransomware. Here are some different typesof Trojans in the wild:

• Backdoor Trojans open secret backdoors on your system to allow threat actors to perform other malicious tasks.
• Downloader Trojans can drop other malware on your computer like spyware or rootkits.
• Password-stealer Trojans steal your login credentials.
• Game-thief Trojans are password-stealers that go after your gaming accounts.
• Ransom Trojans can nerf your computer’s hardware until you pay a ransom.
• Botnet Trojans turn your system into a bot for a botnet in order to launch Distributed Denial of Service (DDoS) attacks.
• Banking Trojans go straight for your financial data like your credit card numbers or the passwords to your banking accounts.

How to stop ZeuS and its variants

• Update: Download and install security patches for the operating system and browsers on your mobile device and computer to stop malware like ZeuS from exploiting flaws. Likewise, update your router and smart devices to prevent them from becoming bots.
• Cloud antivirus: Try a cloud antivirus download to protect your system from web-borne malware. At the very least, download anti-malware software to complement your PC’s baked-in antivirus solution.
• Avoid ads: ZeuS relies on malvertising to infect your computer.Don’t click banners, pop-ups, and other adsto avoid contracting malicious code from webpage advertising.
• Avoid unsafe websites: You may get malware on your computer through a drive-by download on an unsafe website even if you don’t click anything.
• Don’t use pirated software: Pirated software is often a delivery mechanism for malware like ZeuS. Moreover, you usually can’t download critical security patches for unlicensed software.
• Open emails, texts, and USB devices carefully: Threat actors use social engineering to manipulate you into making bad judgments. For example, don’t open strangely urgent-looking emails with attachments as they may be hiding ZeuS or other viruses and malware.
• Don’t trust your browser with your passwords: ZeuS was infamous for mining passwords from Internet explorer. Instead of saving your password in a browser, use a password manager that stores login credentials in an encrypted space on the cloud.