World's nastiest trojan fools AV software

One of the world's nastiest password-stealing trojans evades detection on the majority of PCs running anti-virus programs, according to a study that examined 10,000 machines. Zeus, a stealthy piece of malware that sits on a PC and waits for users to log in to bank websites, is detected just 23 per cent of the time by AV programs, …


This topic is closed for new posts.


Thanks for the heads up but...

Providing a link to tools that specifically target and clean this infection might have been nice, as would a list of which AV programs have good success rates (cross-referenced to their overall success rates with other viri, which might be lower).

Sounding the alarm doesn't do a whole lot of good if you can't actually assist us.

Some clues as to how it infects the machine, and how to prevent that might also be nice...


Simple solution

Go down the pub, spend all your money on beer and then it doesn't matter if Zeus steals your account details as there will be no money to steal!


2 words

key scrambler

Go google. (Hint: QFX.)


@The original Steve

"You're a moron."

Thanks, that sets the tone for the rest of the response.

"This isn't some sort of Windows security hole. It's software that's been installed / run by a user (and if it uses a root-kit they'll need admin rights) that does what the developer intended."

On a platform that by default allows that kind of software to run with admin rights, because users default to admin rights, perhaps?

"You're telling me Linux prevents that?! If so I'm glad I don't develop for it."

It does not completely prevent it, it just makes it more difficult. Nothing can ensure peace of mind, but there are ways to minimize the risk. Windows has to deal with a lot of badly written software that simply does not know how to run without admin rights, even though it is perfectly possible. What I cannot understand is the second sentence: are you glad to be developing for a platform that allows users to do stupid things?

"Number of major flaws on OSS recently only backs up the theory that malware is targeted for the biggest audience rather than the weakest platform - which would be any platform with the largest number of users who happily install any old crap that comes on a email."

Whatever the reason, you seem to have reliable data on the number of OSS flaws versus other platforms; care to share that evidence? I'll share mine. Number of security outbreaks, infections, or any other kind of attacks on 2 Linux home boxes in 8 years: zero. Without running any kind of antivirus or similar security tools. Just the home router firewall, thanks. 8 years without devoting a second of my time, a cycle of my CPU or a byte on my hard disk to protecting me from something that should not be so easy to happen in the first place.

Whatever the reason, the fact is, Linux is more secure. I don't care if it is because it is not popular or because it is more secure, or probably both things at the same time. The plain fact is that Linux is more secure.

I'm ready to admit that if you configure Windows properly you can achieve similar levels of security. But that will be at the cost of some software not working properly, some of your machine resources devoted to that, plus the time you need to spend doing it. And yet after all that you'll not be free from things like SMB exploits happening.

"P.S. Now installing Windows 7 on a VM. 15 minutes total install time."

Mmmmm.... interesting. You really should post a YouTube video of your VM W7 install; I'm sure the world will be shocked to know that you can install in that short a time. Again, care to provide proof?

"Better than Linux? Not really. 6 Hours? Get a watch."

No, not really, I was making that number up. Make it 30 mins for the base OS, another 30 mins for Office and two and a half hours of applying service packs, patches and rebooting. Only three and a half hours, tops.

Ubuntu comes alive in 45 minutes, patches included, with office productivity, mail client, etc., already installed.

Oh, perhaps in your world, where everybody who does not think like you is a moron, time runs differently. But thanks to you and people with your mindset, Windows will always keep a big market share and the rest of the world will be safe. Please keep using Windows; Linux does not need users like you.


@ Stuart37

> Not being funny, I could be very wrong but everyone seems preoccupied with how they can protect themselves from this great big evil virus. Well in short, don't go to dubious websites etc. and that way you reduce the risk of getting infected in the first place.

Good thinking... only one of the Zeus variants infecting systems was coming from the Paul McCartney site (just re-released all the Beatles library in cleaned up Mono and new Stereo - not him, but you can bet his website has surged with visits).

Unless you consider him dubious, which is fair enough.


world's nastiest trojan

I'd think that would be any that Ron Jeremy takes off.

Sorry, I'm just leaving...


Office under wine

Office up to and including 2003 I've run without problems under wine - the one thing that still defies me is Publisher, which is a pita because certain people insist on sending me stuff in .pub format, damn their eyes.


OMG Doom! Again!

OMG Doom! Again! As usual, our only hope is to become customers of security firm Trusteer.


Variants and stealth features. Not 23% of AV products...

...but a 23% (average) detection rate, regardless of AV product. Some did better, some almost certainly failed utterly, but none was able to detect/block with 100% surety, because the proliferation of variants (and ability to obfuscate any signatures) leaves the AV vendors trailing a long way behind.

Seems like this might be a better interpretation of some rather loose language.

A new variant every 5 minutes makes it very easy to get bitten when your AV software auto-updates only once a day.


My first question

was: "What are they selling?"

After reading the report and finding no actionable information, I asked again, "No, really. What are they trying to sell me?"

Seems Trusteer has just the thing to fix the very problem they say nobody else can fix.

Convenient, that.


Good grief !

The 'report' seems to be a poor product, with little info, terrible analysis and little evidence etc. Unfortunately it has been echoed around the globe by many on-line publications. I note SANS has not joined the hysteria.

As for the OS - let each choose their own - I choose Linux (since ~1993); if anyone feels safer with anything else then so be it. Unfortunately we all have to live with this situation, and hysteria, bitching, misinformation and plain ignorance do not help. This menace needs to be tackled with a united front. For banking, one-time passwords seem a very sensible way forward, combined with a broad array of measures including: suspicion, care, good AV, the safest web browser, updated software, bank security measures.

I choose Linux, Firefox (with NoScript), Thunderbird and a healthy dose of scepticism; anyone else is naturally free to differ.

By the way free software (esp. Linux) is not just free as in free beer but free as in FREEDOM.

Installing Linux on most hardware (I have 6 systems I care for) takes 30-60 mins (I mostly use OpenSuse) and does NOT require the use of the command-line - but what a blessing it can be.

I'm not anti-MS, but I only run one laptop with XP, mainly for a small number of programs that are better than the Linux alternatives - I use Linux for the greater number that are better or as good for my purposes. I certainly don't consider it healthy for the entire world to be dependent on 1 OS, apart from any other considerations. It's like ALL of us having the same MHC (and therefore being equally susceptible to a (biological) infection wiping the whole planet out).

Spleen voided

Have a good weekend.

(I think the guy who suggested spending everything down at the pub as a security measure was more useful than most of the other comments!)


@ Grease Monkey

The Mac and Linux communities are affected by the news but the virus has no effect on their computers; their smugness is effected but not affected.


nix *nix

@Anonymous Coward 14:48

"...W7 install, I'm sure the world will be shocked to know that you can install on that short time. Again, care to provide proof?"

Installation times of Kubuntu and Windows 7 RC on my Atom-based Internet PC are virtually identical.

Kubuntu is longer to configure overall though since many of its default base apps are junk and have to be replaced with others from the packager.

Oh, and FYI, Windows 7 performs better on this system than K/Ubuntu because it is using a threaded UI -- K/Ubuntu's UI lags terribly when torrenting etc.


Trojan writers

If any politician would suggest implementing a law that would create the death penalty for people who write trojans or viruses, I'd vote for them in a minute. Add in life without parole for anyone creating bots that add messages in forums and I'd nominate them for sainthood.

I use a Mac and I'm smart enough not to fall for social engineering crap, so it doesn't directly affect me. But it makes my life a lot more difficult. The small online forum I host gets about 5 real messages per week - but about 30 spambot messages per week, even though all the security is turned on (phpBB). I spend a lot more time getting rid of the spam crap than dealing with the forum.

It's about time that someone does something about this. There are reasonable technical solutions in addition to tracking the people down and levelling criminal penalties.


The biggest problem is education and the industry....

If the OS-whiners could pause their usual knee-jerk kindergarten argument about who is fit to run Linux and "smug" users, they might actually notice what the biggest reported problem is with keeping computers free of infection:

"Of Zeus-infected machines, about 31 per cent don't run AV at all and 14 percent run AV that's out of date."

Or, close to half of all Windows users seem to believe they are invulnerable to attack. This is a MUCH bigger deal than Mac or Linux users touting OS's that, let's face it, ARE vulnerable to fewer viruses. This is a much bigger deal than arguing about how secure Windows is or isn't.

Maybe we could someday stop all the time-wasting and figure out how to get computer users to put antivirus software on their machines? Maybe the manufacturers could start including some kind of educational material, or AV software that doesn't bog down the entire system and expire after 60 days? Maybe the tech support staff who like to sneer and make jokes about idiot users could make politely imparting information and explaining the need for basic security part of their job?

Because I can tell you, out here in the support trenches, the AV numbers are even worse. People will look straight at you and say they still don't understand why they need to worry about AV software, because they don't bank online, or have any confidential information on their computer, etc., etc. It takes time to explain about things like botnets and denial of service attacks and being a good net citizen, not to mention all the nasty problems viruses can cause them as well. Making AV software available for free hasn't even helped.

Maybe we could all band together and petition ISPs to kick infected machines offline until they clean up their act? Require subscribers to prove they know how to keep their AV software up to date before they can get an account in the first place?

The problem is not smug Mac/Linux/Unix/BeOS/OS2/VMS/DOS/CPM/abacus/sliderule-insert-your-favorite-non-Windows-alternative users who AREN'T getting and spreading viruses like Zeus. The problem is the huge percentage of Windows users who ARE.

Not knowing how the different AV engines performed doesn't make this report "inadequate," as one person put it. 45% of users had no protection or out-of-date protection. If there's anyone reading this who doesn't already know how the "nothing" AV engine fares in tests, raise your hand.

A 100% failure rate over 45% of users is a fairly scary, and certainly adequate, statistic. It makes the virus itself seem quite harmless in comparison to the toll taken by the apparent failure of an entire industry - one that has dropped the ball where educating users and increasing security is concerned.

snark snark snark grrrrrrr



everyone please read Chris Morley's post

Nail on head. Many of us routinely remove any preinstalled AV software from friends'/relatives' PCs because it's bloated, intrusive, buggy, overpriced nagware that causes more problems than it solves.. We need better products, ASAP.

AV vendors, please wake up and smell the coffee. Reclaim your image and your market.


not alone

Go onto any "hacking" forum these days and you'll see kiddies who can obtain software for a few $$ to create a "fully-UD" (undetectable) virus. A 23% detection rate would be seen as poor. These kids buy freely available keyloggers such as turkojan or ardamax and just crypt them to make them UD. These crypted loggers can be sent freely throughout the internet and give thousands of bank details to kids as young as 13. Anyone with a Windows PC can do it.

When I saw the detection rate I was actually surprised at how high it was.


PR for the company?

I attended a meeting with Mr Klein, the CTO of Trusteer, a while back. He asked how effective AV software was these days. He replied that it picked up only 40% of the viruses and malware out there. So I guess if Trusteer can show how good they are at detecting the bad stuff that AV products can't then that's priceless PR for his cause. After all he's in the market of selling his products to the banks!

Paris, because I'd rather she protect my assets.



I've been running Ubuntu for four years now and I would like to say one thing - it's a great OS but the Apps are crap. They should be called "crApps."

Open Office sucks. Simple. It is nowhere near as good as Office 2007. NEVER do your CV in OOo, unless you're on welfare/jobsearch/dhss/dole (whatever you call it in your home country) and you're only applying to be able to tick a box and collect your cheque.

Evolution: tried it, pure rubbish.

... and try finding a game that runs natively in Linux. Good luck with that. Ditto with trying to get a Nokia phone, USB camera or iPod to work without an emulator (wine, got it. not really a long-term answer though, is it?)

Tell you what Ubuntu does do VERY well - gives you a free OS to use as a media server. If that's what you need, go Ubuntu. You can even run it on the PC you owned ten years ago. No, really.

It's not that I don't appreciate Ubuntu - it has run my Squeezecentre for years - but, unless the primary result of you leaving home is that, somewhere, there's a village deprived of its idiot, there's no real difference between linux and windows - good security thinking and practices will prevent infection.

If you're borderline, buy a Mac - at least the software is written by professionals.

... oh, and on the online banking thing - if your bank's website is that bad that you enter a cleartext password, then you need to either change banks or don't use their website. If they have that little respect for your security, they won't support you if it's breached.


aww poor likkle Windows-sufferers

It's fun watching you squirm.

You realise you spent good money to suffer like this right?

Get a grip, get a life, get a Mac.


What - another dimdoze pimple?

Want to meet up and have a laugh later? Go and fetch Alien Arena (cross platform - works nicely in Ubuntu too). I'm just waiting for the phone, as the masses want another consultation!


Ha ha

Ha ha ha

Ha ha ha ha ha


Anonymous Coward

AV is shite

There are very few AV products that protect users against trojans or keyloggers. But then what do you expect from an industry that can't protect against anything it doesn't already know about? The thing that surprises me is why Symantec et al. haven't been sued yet for false advertising. None of them do as they claim; often as not they are beaten by the incredibly advanced malware technique of renaming the virus or trojan to something not on a list of names of viruses and trojans. Given the wild and unrealistic claims on the boxes of these products, if there was ever something that deserved to be forcibly taken off the market for false advertising, antivirus software would be it.

I've only found one application that actively guards against malware, i.e. prevents an attack as it happens and doesn't require a hard disk scan to do it. It also finds and removes trojans that most antivirus products won't detect or can't clean from your system. While far from perfect, at least it tries to protect the user from themselves in real time, which is more than any other product does, but then PC Tools were always a step above most other software houses.


Missing information

How does it infect a computer? Must the user install it, or does it install itself?

Also, what is the target OS? Windows? Linux? OS/2?

- If the user/ne'er-do-well has to install it by hand, then we can rest better. On the other hand, if it can install itself when you browse the Wibbly Wobbly Web, then simply block executables and downloads at the firewall level and you should be safe.

- If it can download and install itself, what are the infection vectors it takes to install itself? Otherwise this study is meaningless, and just scaremongering.

- Target OS is too vague. We all have to assume Windows since the majority of viruses are written to target Windows. But it would be nice to know for sure.

FAIL because it's scaremongering.




