Just when security companies have developed new ways of dealing with the infamous Zeus Trojan, a variant characterized as the "Son of Zeus" has arisen. Worse yet, the variant is virtually undetectable by conventional antivirus applications.
About the Zeus Trojan and MS Windows
The Zeus Trojan made headlines back in 2009 as a "highly customizable" tool for hackers. Its main mission is to sniff out financial information and break into online bank accounts. Security experts estimate that the Zeus Trojan has been used to infiltrate tens of thousands of PCs around the world. Owners of infected PCs are unaware their computers are even infected, with the majority (if not all) of infections targeting MS Windows PCs.
Zeus a Persistent Threat, Continues to Morph
The Zeus Trojan continues to be a persistent threat and was responsible for stealing 3 million US dollars (as of October 1st, 2010) and a reported 6 million pounds sterling from UK bank accounts (Source: itnews.com.au).
The latest revision of the Trojan ("Son of Zeus") is codenamed "TSPY_ZBOT.BYZ," according to security experts. It is able to slip by conventional antivirus programs because it imports a large number of application programming interfaces (APIs), making it difficult to know (or even predict) where it will strike next. (Source: itpro.co.uk)
New Variant More Efficient Than Original
As is the case with most malware variants, the newer version differs somewhat from (and is much more efficient than) its predecessor. It also uses different compression and can foil detection systems based on calculable entropy. In a nutshell, calculable entropy is a way of finding where in the viral code certain trigger routines might be hidden; defeating it is what gives TSPY_ZBOT.BYZ its "undetectable" status.
With most forms of malware, security companies are able to isolate the virus in a virtual "sandbox" and track how the code executes, what system changes it makes and any network traffic it generates. Zeus (in all of its forms), however, refuses to "play in the sandbox". (Source: itnews.com.au)
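As an added illustration of the entropy-based detection the section above refers to (this is example code written for this page, not code from the article, Trend Micro or any antivirus product), the following Python script runs a sliding-window Shannon entropy scan over a constructed buffer and flags the windows that look packed or encrypted. The filler text and the hash-derived "packed" blob are constructed sample data, and the 512-byte window and 7.0 bits/byte threshold are assumed tuning values.

```python
import hashlib
import math
from collections import Counter
from typing import List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated byte value,
    8.0 for a perfectly uniform distribution over all 256 byte values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 512, step: int = 0,
                         threshold: float = 7.0) -> List[Tuple[int, float]]:
    """Slide a window over `data` and return (offset, entropy) for each window
    at or above `threshold`. Compressed or encrypted regions typically score
    above ~7 bits/byte; plain text and ordinary machine code sit well below.
    Window size and threshold are assumed tuning values, not a standard."""
    step = step or window  # default: non-overlapping windows
    hits = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        e = shannon_entropy(data[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


# Constructed sample buffer (not a real malware image): 1024 bytes of ordinary
# text, then 1024 bytes of hash-derived pseudo-random bytes standing in for a
# packed/encrypted section, then 1024 more bytes of text.
TEXT = (b"The quick brown fox jumps over the lazy dog. " * 100)[:1024]
PACKED = b"".join(hashlib.sha256(b"constructed-sample-%d" % i).digest()
                  for i in range(32))
SAMPLE = TEXT + PACKED + TEXT


def scan_sample() -> List[Tuple[int, float]]:
    """Run the detector over the constructed buffer; only the two windows
    covering the packed section (offsets 1024 and 1536) should be flagged."""
    return high_entropy_regions(SAMPLE)


if __name__ == "__main__":
    for off, e in scan_sample():
        print(f"high-entropy window at offset 0x{off:05x}: {e:.2f} bits/byte")
```

A sample whose compression keeps every window below the threshold, as the article says this variant's does, passes such a scan unflagged, which is why entropy is one signal to combine with behavioural and network indicators rather than a verdict on its own.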
Conventional Antivirus Not Sufficient
This spells disaster for most security companies whose primary focus is to keep their customers safe. As Trend Micro research engineer Julius Dizon expressed, "To properly guard against this threat, conventional antivirus is not sufficient. Only improved detection techniques and proactive blocking of the websites, working together, can protect users."
Razorpoint Services Can Protect You
Mainstream network security providers are fine for organizations looking to "check the box." Most can neutralize the average hacker and help organizations comply with a security checklist. They apply their technologies and processes and fix the obvious problems. But these organizations usually are not suited to keep pace with the world's most sophisticated cyber criminals. Razorpoint is.