Zeus 3: Easily Preventable, Discoverable, and Correctable
August 13, 2010
The latest piece of malware making waves across the Internet is version 3 of the Zeus Trojan, also known as Zbot. Initially discovered in the wild in January of this year, the latest version has been around for close to a month and is making news as it empties out UK bank accounts.
So far the noted tally is on the order of £700,000.00, which is on the top-side of $1,000,000.00, from a single, so far anonymous, financial institution. Prudence on the part of the bank and affected clients is likely minimizing the reported number for now and, with the time it takes to clean these things out, the total loss is likely to escalate significantly when all is said and done.
Zeus is currently classified as a Medium-level threat by the various bodies that track and rate these things, because its high potential risk is mitigated by how easy the threat is to detect and remove. It affects Windows platforms from Win 95 through Vista (everyone pause while the Mac and Linux users pull a muscle patting themselves on the back again) and is distributed primarily through spam and drive-by download. It is known to exploit a number of vulnerabilities, for all of which a patch exists.
And here is where our story goes sideways.
The threat has been around since January, exploits vulnerabilities for which patches exist, and is easily caught and cleaned with up-to-date anti-malware software. So, this is NOT a problem that we’ve not heard about before, is NOT something that exploits vulnerabilities that can’t be easily closed, and is NOT a threat that can’t be dealt with by readily available tools. Further, since it’s a Trojan, it’s not a self-replicating threat, and it can only be “contracted” by doing things that are known to be risky.
Is the news here that over a million dollars of hard-earned equity has been stolen with more likely to follow, or that over 3,000 machines have been infected with a problem that was easily preventable, discoverable, and correctable?
Malware is a problem, one that gets bigger (seemingly exponentially so) on a yearly basis. It is widely estimated that the amount of malware code that exists now outstrips the amount of legitimate code, so clearly we are all fighting an uphill battle against a pervasive threat. But that doesn’t mean that we have to make things easier for the bad guys. Following some basic guidelines and processes will ensure that these kinds of problems don’t affect you:
- Patch your systems. The vast majority of malware targets vulnerabilities for which patches exist and so making sure that your system is not susceptible to malware infection in the first place is always the best defense.
- Use an anti-malware tool. Anti-malware is not an expensive proposition, and is certainly less costly than losing thousands of dollars from your bank account, or even a handful of hours cleaning an infected machine.
- Keep anti-malware definitions up to date. The adage goes that a workman is only as good as his tools. Anti-malware providers update their virus definition databases regularly and not making use of up-to-date definitions only hinders the capability of the tool.
- Practice safe surfing. Be careful opening e-mail from unknown addresses, and certainly don’t open attached files or click on links from anyone but the most trusted of your contacts (even then exercise caution). Be careful about the websites you visit and consider a site reputation filter for your browser.
Individually, following some dyed-in-the-wool practices and exercising a modicum of caution goes a long way towards making sure that you are not the next subject of a computer virus story. Collectively, those same steps go a long way towards making sure that such stories become things of the past.