Zbot/Zeus
Zeus, also known as Zbot, is a notorious Trojan that infects Windows systems and tries to retrieve confidential information from the infected computers. Once installed, it also tries to download configuration files and updates from the Internet. The Zeus files are created and customized using a Trojan-building toolkit, which is available online to cybercriminals.
Zeus was created to steal private data from infected systems, such as system information, passwords, banking credentials and other financial details. It can be customized to gather banking details in specific countries, using various methods. Using the retrieved information, cybercriminals log into banking accounts and make unauthorized money transfers through a complex network of computers.
Zbot/Zeus is based on the client-server model and requires a Command and Control server to send and receive information across the network. The single Command and Control server is considered to be the weak point in the malware architecture and it is the target of law enforcement agencies when dealing with Zeus.
To counter this weak point, the latest variant of Zeus/Zbot includes a DGA (domain generation algorithm), which makes the Command and Control servers resistant to takedown attempts. The DGA generates a list of domain names to which the bots try to connect in case the Command and Control server cannot be reached.
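The fallback behaviour described above is also what a defender can look for in DNS resolver logs. The following is an added example, not code from Zeus or from any vendor tool: it flags clients that produce a burst of failed lookups for random-looking names. The log format, the sample lines, the thresholds and the premise that most generated names fail to resolve (NXDOMAIN) are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log: "epoch_seconds client_ip qname rcode".
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1003 10.0.0.5 intranet-portal.corp.example NXDOMAIN
1012 10.0.0.7 qzxkvbtrwpmhdlfy.example NXDOMAIN
1015 10.0.0.7 hjwqnzrtkxvbplmd.example NXDOMAIN
1019 10.0.0.7 mvkzpqwxrtyhbnls.example NXDOMAIN
1024 10.0.0.7 xdrfwqzjkvnmtbph.example NXDOMAIN
1030 10.0.0.7 tbnxqzwvkrjmhpld.example NXDOMAIN
1041 10.0.0.7 plkwzxvqtrbnmjhd.example NOERROR
1500 10.0.0.9 wqzxkvjrtbpnmhld.example NXDOMAIN
2900 10.0.0.9 zkvqxwjtrbnpmhdl.example NXDOMAIN
"""

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def find_dga_suspects(log_text, window=60, min_failures=5, min_entropy=3.0, min_len=10):
    """Return {client_ip: [qnames]} for clients with a burst of random-looking NXDOMAINs."""
    failures = defaultdict(list)  # client -> [(timestamp, qname)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "NXDOMAIN":
            continue
        ts, client, qname, _ = parts
        label = qname.lower().split(".")[0]
        if len(label) >= min_len and label_entropy(label) >= min_entropy:
            failures[client].append((int(ts), qname.lower()))
    suspects = {}
    for client, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            names = {q for _, q in events[start:end + 1]}
            if len(names) >= min_failures:
                suspects[client] = sorted(names)
                break
    return suspects

if __name__ == "__main__":
    print(find_dga_suspects(SAMPLE_LOG))
```

On the sample, only 10.0.0.7 is flagged: the single mistyped internal name from 10.0.0.5 and the two widely spaced failures from 10.0.0.9 stay below the burst threshold.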
Zeus/Zbot, known by many names including PRG and Infostealer, has already infected as many as 3.6 million systems in the United States. In 2009, security analysts found that Zeus had spread to more than 70,000 accounts of banks and businesses, including NASA and the Bank of America.