The level of detection by AV software is quite scary, especially since the malware is specifically targeting bank login details and it has the ability to intercept the browser process.
Definitely one to watch out for in your organization.
One of the world’s nastiest password-stealing trojans evades detection by the majority PCs running anti-virus programs, according to a study that examined 10,000 machines.
Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of time by AV programs, according to the study [PDF] released by security firm Trusteer. Even AV programs with up-to-date malware signatures were unable to identify the infection a majority of the time, the authors said.
Zeus, which also goes by the name Zbot and PRG, escapes detection using sophisticated techniques such as root-kit technology, the Trusteer report said. The company is able to detect it by examining the fingerprint Zeus leaves when it penetrates an infected PC’s browser process.
It seems to be operating on a level that the AV engines can’t even detect as when installed with the latest signatures they still can’t alert a user they are infected.
It’s time AV engines get a little more advanced and hook into important processes like the browser and ensure they aren’t being tampered with or monitored.
Some kind of active memory protection must be possible.
A recent report estimated that Zeus is the No. 1 trojan, with 3.6 million infections in the US alone, or about 1 per cent of the installed base of PCs. Trusteer’s study, which found Zeus accounted for 44 per cent of the banking malware infections, was consistent with that finding. After sneaking onto a PC, it sits quietly in the background until a user logs on to a financial website. It then sends the login credentials to a remote server in real time, sometimes by use of instant messaging programs.
Of Zeus-infected machines, about 31 per cent don’t run AV at all and 14 percent run AV that’s out of date. The remaining 55 per cent had AV programs that were up to date.
Sitting at number 1 trojan this is a serious issue, especially with the stealthy mode in which it operates it looks like it’s going to be hard to stop the infections.
I someone comes up with a tool or method to prevent and detect these infections.
Source: The Register