Zeus: How to Fight Back

Sophisticated Trojan Demands New Game Plan

Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Malware expert Andreas Baumhof says to defeat Zeus, financial institutions have to change their approach.

Zeus, a financially aimed malware, comes in many different forms and flavors. It can be tweaked to hijack personal PCs, or come in the form of a keylogger that tracks keystrokes as users enter them. But the one commonality is that Zeus malware aims to steal online-banking credentials, and phishing schemes and drive-by downloads are most often the avenues hackers use to spread this increasingly sophisticated and evolving Trojan.

Baumhof, who serves as the chief technology officer at online security vendor ThreatMetrix, says a sophisticated end-point solution can be a good proactive approach to ensuring end-user devices aren't infected.

"But in order to provide complete protection, we also need to look at the server side and tie in any kind of protection and information from the end-user's device into the strong security chain," Baumhof says in an interview with Information Security Media Group's Tracy Kitten [transcript below].

Stronger fraud detection tools also need to be included, Baumhof says. But technology alone won't solve the problem. "It's not really about technology, it's about the end-user," he says.

During this interview, Baumhof discusses:

  • How banking institutions could make wiser investments to fight Zeus;
  • Why Zeus' longevity poses new and increasing concerns;
  • How information sharing could improve protections.

Baumhof is an expert in encryption, PKI, malware and phishing. Before joining ThreatMetrix, Baumhof was an executive director, CEO and co-founder of Australian-based TrustDefender, a provider of security and fraud detection technologies. Baumhof previously served as co-founder and chief technology officer of Microdasys Inc., a provider of deep content security systems. While there, he developed the first SSL proxy and has patents pending in Europe and the U.S.

TRACY KITTEN: Before we get started, can you tell our audience a bit about what spurred ThreatMetrix to initiate its research into the growing power of Zeus?

ANDREAS BAUMHOF: ThreatMetrix is in the business of protecting consumers and online businesses, as well as financial institutions, from any kind of fraudulent transaction, be it through fraud manually or by malware automatically. Zeus is ... malware that is highly sophisticated and highly successful in targeting various financial institutions over the last six years. This is an example of malware we constantly monitor and we constantly look at how it evolves and whether there are new target vectors, whether they're changing their tactics or whatever they do. This is one thing we do to make sure we understand what the bad guys do [so that we can] protect the good guys.

Malware Research

KITTEN: ThreatMetrix based some of its analysis on research that was conducted over the course of a month. How was the research conducted and what did you glean?

BAUMHOF: We at security research have focused on the malware, so we don't really focus on how much money is being lost by financial institutions. We focus on the malware and what the malware is doing. Any fraud groups and rings, when they distribute the malware, it's basically out in the open. We have lots of senders and honey pots so we know about the malware. We then have our internal engineers looking at those samples, making sure we can find the configurations behind the Zeus Trojan. We really know exactly what the Zeus Trojan is doing. Zeus is one of the very sophisticated Trojans - they can take the same Zeus Trojan and configure it so it targets different brands, different financial institutions, different merchants completely differently to either steal personal information, but also, for example, fully automated wire transfers. We look at the Trojan and the configuration behind it.

Understanding Zeus

KITTEN: What is it about Zeus that makes it a different kind of malware, a malware that poses increasing threats to the online community?
