Two people have been arrested in Manchester in relation with distribution of the ZeuS/Zbot Trojan.
Officers from the Metropolitan Police's Central e-Crime Unit (PCeU) made Europe's first arrests in the battle against the Trojan. A man and woman, both aged 20, were questioned and bailed until March 2010 for further in-depth enquiries to be completed. Police revealed that the arrests were the first in Europe as part of the inquiry, and were arrested on 3rd November under the 1990 Computer Misuse Act and the 2006 Fraud Act.
Detective inspector Colin Wetherill of the PCeU, said: "The ZeuS Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world. The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality."
Tom Kelchner, Sunbelt Software's research office manager, congratulated the British effort, saying: “Zbot uses a wide variety of social engineering tricks to spread through a variety of methods, including spam email and web downloads. It created a large botnet that collects information about victim's credit card, banking and social network logins.”
Graham Cluley, senior technology consultant at Sophos, said: “Zbot is one of the most notorious pieces of malware of recent times. It's a data-stealing Trojan horse, designed to grab information from internet users which would help hackers break into online bank accounts and social networking sites such as Facebook and MySpace.
“There's something else that Zbot does, and the clue is in the ‘bot' part of its name. Zbot hijacks your computer, making it part of a criminal botnet. Hackers control thousands of compromised computers around the world - using them as a zombie army to spew out spam, spread more malware and launch denial-of-service attacks.
“It's worth bearing in mind, of course, that although the arrests have been in the UK, the Zbot family of malware is a problem that has been hitting computer users around the world - it is truly a global threat.
In agreement was Symantec's Eric Chien, who said: “While the details are preliminary, the two likely appear to be users of the Zeus botnet package rather than the actual creators, and thus the prevalence and usage of Zeus is likely to continue.”
The announcement follows news earlier this week where four UK-based men were sentenced to more than 13 years in jail after using a Trojan to steal money from bank accounts.