Online Banking Threat Bypassing Up-to-Date Anti-Viruses

Most Infections Occur on Up-to-Date Systems


There is an online banking Trojan out there that is bypassing up-to-date anti-virus programs as much as 77% of the time, according to security company Trusteer. The Zeus Trojan is also known as Zbot, WSNPOEM, NTOS and PRG. It is the most prevalent financial malware on the web, Trusteer says.

"When we set out to measure the efficiency of anti-virus products in the wild against Zeus, we had no idea what kind of results we would get," said Amit Klein, CTO of Trusteer and head of the company’s research organization. "The findings, that up-to-date anti-virus programs were only effective at blocking Zeus infections 23 percent of the time, are disturbing. This is bad news for consumers and banks, since the vast majority of Zeus infections are going unnoticed."

Zeus infects computers and waits for the user to log on to one of a list of targeted banks and financial institutions, then steals the user’s credentials and sends them to a remote server in real time. If that wasn’t enough, it can modify web pages from a bank’s servers in the user’s browser and ask for personal information, such as card numbers, PIN numbers, passwords, etc.

Here are some numbers from Trusteer, collected from consumer PCs one day this month:

[Chart: Zeus Infected]

Perhaps the most disturbing part of Trusteer’s findings is not that Zeus is bypassing up-to-date anti-virus programs so frequently, but that the majority of infections appear to be occurring on up-to-date machines.

[Chart: Zeus Infected]

Trusteer’s findings stem from a sample of more than 10,000 users of the Rapport browser security service, whose machines were infected with the Zeus Trojan. The company’s full report on the issue is available here (pdf) for further details.

  • Stupidscript

    The report indicates that Zeus uses “rootkit” technology to evade detection. Wouldn’t that make it more of a “rootkit”, even though it does not actively seek root privileges? Regardless of how it propagates (which is where the “virus” label would be appropriate), anti-virus programs are not looking for “rootkits”, so how could one expect an anti-virus program to detect it?
