Zeus: The Sneaky Malware Stealing Your Money

An estimated 3.6 million PCs in the U.S. are infected with the Zeus virus. Be warned: It's one of the sneakiest, most vicious malware programs out there.
President, Proximo, LLC
January 15, 2013

Small-business owners need to be on high alert for the latest variants of the so-called Zeus Trojan horse. This malware uses sophisticated methods to gain access to your online banking information and deplete your account balance via electronic transactions. While there are numerous pieces of malicious software that can accomplish this, Zeus is by far the worst for several reasons. First, Zeus is almost undetectable even to leading anti-virus programs; second, Zeus can fool you into thinking that the money remains in your account, so you're unaware of the loss until it's too late; and finally, Zeus is not a static piece of software but can morph, rendering attempts to stop it futile.

Breaking Down The Geek-Speak 

Zeus is considered “malware,” which means malicious software used to gain access to a computer or computer network. There are many types of malicious software, such as viruses, which modify a computer file, and Trojan horses, which facilitate unauthorized access to a user’s computer system. A Trojan horse, in keeping with its namesake, appears innocuous to the user. Typically it's disguised as a computer game or even a computer security application. The user installs it on his or her computer thinking it's safe, but once it's launched, the Trojan horse can give a hacker remote access to the computer or record every keystroke typed on its keyboard to capture username and password information. Many times users aren’t even aware a program is being downloaded to their computers. Visiting the wrong website could trigger a “drive-by download” whereby the program is downloaded without your consent.

How Zeus Works

There are several million computers currently infected with Zeus and many thousands of Web servers as well. If you click on an email attachment or visit a website that's infected, it triggers a “drive-by download” that installs Zeus. Once Zeus is installed on your computer, it waits until you log in to your online banking website and records your access information. Since many websites now ask security questions in addition to passwords, Zeus will wait until you access the site a sufficient number of times to ensure it can access your accounts. When it has what it needs, it will send this information to the hacker, who then uses it to make electronic transfers from your bank account to numerous shell bank accounts. The size of the transfers and the number and location of transferees are designed to avoid detection. The most dangerous versions of Zeus will show you manipulated balance information on your screen so you don’t realize the money has been taken out. It’s only when you receive your statement at the end of the month or when your regular transactions fail that you realize what has happened.

The Zeus source code was released into the public domain by its creator. Hackers can now use the Zeus building blocks and modify them to suit their purposes, making it possible to have unlimited versions of Zeus in circulation. Hackers release only a few versions of a particular flavor of Zeus before changing it to avoid detection by antivirus software companies. For this reason, even up-to-date antivirus software won’t help. According to security company Trusteer, having fully updated antivirus software reduces your chances of infection by only 23 percent compared to a PC with no protection. The company estimates that over 3.6 million PCs are already infected in the U.S. alone. 

Security company Kaspersky recently announced that it had discovered versions of Zeus for the Android platform and the Blackberry platform, meaning it's now operational on mobile devices and mobile banking websites. 

The Danger for Small-Business Owners

Small-business owners are at a significant disadvantage compared with consumers when it comes to battling Zeus. Most major banks reimburse consumer losses related to online attacks. Small-business bank accounts, however, are not afforded the same protections. If you inadvertently install Zeus and then access your business online banking, it could deplete your accounts, and you may be held responsible.


Mike Periu is the founder of Proximo, a leading provider of training and educational programs in finance, entrepreneurship and information technology. He is a nationally recognized speaker, blogger and writer on small-business finance.
