
Trusteer doubts Microsoft efforts against Zeus


Despite efforts by Microsoft to battle against the Zeus Trojan via its Malicious Software Removal Tool (MSRT), claims have been made that hackers still have a golden window of opportunity to steal money from bank accounts.

Last month, Microsoft announced that it was adding detection and removal capability for Zeus to its MSRT. However, Trusteer claimed that it tested MSRT against hundreds of Zeus files and found that MSRT detected version 2.0 of Zeus about half (46 per cent) of the time, but was unable to detect the new 2.1 variant of the financial Trojan.

According to Mickey Boodaei, CEO of Trusteer, Zeus also has a significant advantage over MSRT as the tool does not operate in real-time and only disinfects a machine when it is running. Therefore hackers have a golden window of opportunity between the time of a Zeus infection and the next scan by MSRT to siphon off money from the victim's bank account.

Trusteer's research found that financial fraud usually occurs shortly after a computer is infected with Zeus because sensitive information is immediately transmitted back to the criminals. In the majority of cases, the ability of MSRT to prevent Zeus-related fraud and data loss will be minimal because the damage has already been done by the time it performs its scan.

Boodaei, however, welcomed Microsoft's decision 'to join the fight against financial malware', as winning the war against criminals requires the participation and cooperation of more software vendors and increased involvement by law enforcement agencies.

He said: “I hope Microsoft's efforts will not stop here since there is a lot more to be done. However, I believe that MSRT will actually serve to further shorten the time between a machine becoming infected and the time it is used to commit fraud. I also expect this will reduce the effectiveness of anti-virus solutions, since they typically cannot detect a new variant until a few days after it is released.

“Microsoft is working hard and making important contributions towards improving online security with MSRT and Microsoft Security Essentials. However, in the battle against Zeus, I believe Microsoft chose the wrong weapon. What's needed are real-time, signature-independent solutions and more operating system improvements, if we want to defeat Zeus and others like it.”

He also claimed that he expected financial malware to start targeting MSRT to render it useless. “Zeus and other financial malware can accomplish this fairly easily since they have a distinct technical advantage over MSRT, as they are already running when MSRT starts scanning,” he said.

“This allows the Trojan to easily block MSRT from running altogether. Disabling MSRT will inflict even further damage, since it is effective at detecting and removing many other forms of malware.”
