Online Banking Threat Bypassing Up-to-Date Anti-Viruses

    September 16, 2009
    Chris Crum

There is an online banking Trojan out there that is bypassing up-to-date anti-virus programs as much as 77% of the time, according to security company Trusteer. The Zeus Trojan is also known as Zbot, WSNPOEM, NTOS and PRG. It is the most prevalent financial malware on the web, Trusteer says.

"When we set out to measure the efficiency of anti-virus products in the wild against Zeus, we had no idea what kind of results we would get," said Amit Klein, CTO of Trusteer and head of the company’s research organization. "The findings, that up-to-date anti-virus programs were only effective at blocking Zeus infections 23 percent of the time, are disturbing. This is bad news for consumers and banks, since the vast majority of Zeus infections are going unnoticed."

Zeus infects computers and waits for the user to log on to one of a list of targeted banks and financial institutions, then steals the user’s credentials, which are sent to a remote server in real time. If that wasn’t enough, it can modify web pages from a bank’s servers in the user’s browser to ask for personal information, such as card numbers, PINs, passwords, etc.

Here are some numbers from Trusteer, collected from consumer PCs one day this month:

[Chart: Zeus Infected]

Perhaps the most disturbing part of Trusteer’s findings is not that Zeus is bypassing up-to-date anti-virus programs so frequently, but that the majority of infections appear to be occurring on up-to-date machines.

[Chart: Zeus Infected]

Trusteer’s findings stem from a sample of more than 10,000 users of the Rapport browser security service, whose machines were infected with the Zeus Trojan. Further details are in the company’s full report on the issue (PDF).