Up to 88% of Fortune 500 companies may have been affected by the Zeus trojan, according to research by RSA’s Fraud Action Anti-Trojan division, part of EMC. The trojan installs keystroke loggers to steal login credentials to banking, social networking, and e-mail accounts.
The botnet was first identified in 2007 and is still around today. The malware tends to be difficult to detect and remove, and several million machines worldwide are believed to be infected.
The malware itself predominantly attacks Windows XP machines, though Windows Vista and Windows 7 variants are available for sale too.
Smaller companies (those with fewer than 75,000 employees) appeared to have a higher proportion of infected employees, suggesting that perhaps larger corporations are more effective at securing their systems and data. Home computers not subject to corporate IT policy but used to access corporate mail and networks are a particularly high risk.
From Ars Technica, Almost all Fortune 500 companies show Zeus botnet activity
So, despite all the anti-malware software typical IT departments (and PC vendors) inflict on users and all the restrictions those users have to put up with (a typical user in a typical large corporation can’t install software for themselves, for example), we get this result. (I wonder if there’s a keylogger on my PC at work…)
BTW Zeus is freaking scary. Of course, Microsoft is there to help:
About a year ago the state of the art in malware advanced to the point where Windows indexing or Outlook preview would automatically open PDF attachments and allow infection without any explicit user action at all.
From a comment on krebsonsecurity.com, Zeus Attack Spoofs NSA, Targets .gov and .mil
And, from the same series (of very intelligent comments) there’s this reminder that root access isn’t important:
Keep in mind that this is the same trojan which will, according to BK in a previous Security Fix column, happily run under LUAs. That would, in turn, defeat the previous advice to use a LUA for day-to-day use.
Users live in user accounts. User data lives in user accounts. Everything valuable is in user accounts. Root access is for compromising systems — when the system essentially has one user it’s no comfort to know that “well, they may have stolen my identity but my PC still boots”.
Now, it’s worth noting that the Zeus botnet is based on trojans (which should, of course, be called Greeks) — there’s pretty much nothing one can do about trojans short of never downloading or installing anything on your computer. Perhaps Charlie Miller and other security researchers should be called Cassandras.
(Meanwhile, the first reports of Apple’s latest patch I saw were along the lines of “Apple forced to release patch just two weeks after last one”. Either Apple is too slow to patch, or it’s forced to hurry I suppose. At least PCWorld has stopped being weirdly hostile again and pointed out that Microsoft is yet to patch the IE8 vulnerability revealed at Pwn2Own.)
I’m pretty sure I’ve linked this site before, but it remains simply staggering how much malware activity there is on the Windows side of things. If Apple’s lack of market share is preventing this from leaking over onto my favorite platform, I have just one thing to say: please do not buy a Mac. Thank you.