Author Topic: Zeus Trojan (Read 8565 times)

ginigma · « **on:** September 10, 2009, 03:59:39 PM »

Does avast home find the Zeus Trojan which is being used to capture online banking credentials? I tried searching the avast web site but couldn't find anything there.

DavidR · « **Reply #1 on:** September 10, 2009, 04:43:50 PM »

The problem is that malware names are different from one AV to another so there is no direct comparison as there are multiple aliases. So searching the avast web site of the avast virus database may not reveal anything but that doesn't mean it doesn't detect it.

There are also variants of trojans, etc. so even if in the avast virus database (and there are two with ZEUS in the malware name). There really is no way to tell without a sample and that is true of any AV not just avast.

Mr.Agent · « **Reply #2 on:** September 10, 2009, 11:14:38 PM »

Well in VPS 90906-0 i see Win32:Banker-GCR [Trj] so does he talk about this ?

DavidR · « **Reply #3 on:** September 11, 2009, 12:05:20 AM »

Too much guesswork, as I said one malware name could be almost anything in another AV and I would suggest there are many different trojans trying to steal banking details, the only way to tell for sure is by sample.

spg SCOTT · « **Reply #4 on:** September 11, 2009, 12:13:05 AM »

Quote from: DavidR on September 10, 2009, 04:43:50 PM

The problem is that malware names are different from one AV to another so there is no direct comparison as there are multiple aliases.
...

Very true, all you have to do is look at a VT detection to see this. Almost no common name most of the time...

Tgell · « **Reply #5 on:** September 20, 2009, 01:19:38 AM »

Online Banking Malware Eludes Detection and Infects More than Two Thirds of
Machines
NEW YORK--(Business Wire)--
Trusteer, the customer protection company for online businesses, reported today
that the Zeus online banking Trojan infects machines that are running up-to-date
anti-virus programs up to 77 percent of the time. These findings are based on a
sample of more than 10,000 users of the Rapport browser security service, whose
machines were infected with the Zeus Trojan.

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent
financial malware on the Internet today. It infects consumer PCs, waits for the
user to log onto a list of targeted banks and financial institutions, and then
steals their credentials which are sent to a remote server in real time. It can
also modify, in a user`s browser, the genuine web pages from a bank`s web
servers to ask for personal information such as payment card number and PIN, one
time passwords, etc.

The report released today by Trusteer found that the majority of Zeus infections
occur on machines which have an installed and up-to-date anti-virus product.
Specifically, Trusteer found that among Zeus infected machines:

* 31% had no Antivirus protection installed
* 14% had Antivirus protection installed, but signature files were not up to
date
* 55% had up-to-date Antivirus protection installed

Code: [Select]

http://www.trusteer.com/files/Zeus_and_Antivirus.pdf

Author Topic: Zeus Trojan (Read 8565 times)

ginigma

Zeus Trojan

DavidR

Re: Zeus Trojan

Mr.Agent

Re: Zeus Trojan

DavidR

Re: Zeus Trojan

spg SCOTT

Re: Zeus Trojan

Tgell

Re: Zeus Trojan