Security Bytes

Sep 16 2009   1:29PM GMT

Zeus Trojan evades antivirus software, Trusteer says

Marcia Savage

A study of 10,000 PCs infected with the Zeus Trojan showed that the machines had antivirus installed.

The Zeus Trojan has already proven itself to be one nasty piece of malware in its quest for banking credentials. Now, a new report by security vendor Trusteer shows another alarming facet of Zeus: It’s infecting PCs with updated antivirus software 77% of the time.

In a study of 10,000 PCs infected with Zeus, also called Zbot, Trusteer found that most of the infections occurred on machines where an antivirus product was installed and kept up to date: 31% of the Zeus-infected PCs had no antivirus while 55% had updated antivirus software. Installing antivirus and keeping it updated only reduces the probability of a Zeus infection by 23%, Trusteer concluded.

The study was based on reports gathered from consumer PCs running Trusteer’s Rapport, which the company said detects Zeus through a unique fingerprint the Trojan leaves when it penetrates the browser process. Rapport is a browser plug-in that protects online credentials and transactions. According to Trusteer, the technology detects whether a PC has antivirus and whether it’s updated through the Windows Security Center.

Trusteer claims that its test of how effective antivirus is against Zeus in the wild is more accurate than most other antivirus efficiency tests, which it says are performed in the lab. The test result, the company said, is “disturbing and reveals that the vast majority of Zeus infections go unnoticed by antivirus products.”
