Trusteer doubts Microsoft efforts against Zeus

News by Dan Raywood

Despite efforts by Microsoft to battle against the Zeus Trojan via its Malicious Software Removal Tool (MSRT), claims have been made that hackers still have a golden window of opportunity to steal money from bank accounts.

Last month, Microsoft announced detection and removal capability for Zeus in its MSRT. However, Trusteer claimed that it tested MSRT against hundreds of Zeus files and found that MSRT detected version 2.0 of Zeus about half (46 per cent) of the time, but was unable to detect the new 2.1 variant of the financial Trojan.

According to Mickey Boodaei, CEO of Trusteer, Zeus also has a significant advantage over MSRT as the tool does not operate in real-time and only disinfects a machine when it is running. Therefore hackers have a golden window of opportunity between the time of a Zeus infection and the next scan by MSRT to siphon off money from the victim's bank account.

Trusteer's research found that financial fraud usually occurs shortly after a computer is infected with Zeus because sensitive information is immediately transmitted back to the criminals. In the majority of cases, the ability of MSRT to prevent Zeus-related fraud and data loss will be minimal because the damage has already been done by the time it performs its scan.

Boodaei, however, welcomed Microsoft's decision 'to join the fight against financial malware', as winning the war against criminals requires the participation and cooperation of more software vendors and increased involvement by law enforcement agencies.

He said: “I hope Microsoft's efforts will not stop here since there is a lot more to be done. However, I believe that MSRT will actually serve to further shorten the time between a machine becoming infected and the time it is used to commit fraud. I also expect this will reduce the effectiveness of anti-virus solutions, since they typically cannot detect a new variant until a few days after it is released.

“Microsoft is working hard and making important contributions towards improving online security with MSRT and Microsoft Security Essentials. However, in the battle against Zeus, I believe Microsoft chose the wrong weapon. What's needed are real-time, signature-independent solutions and more operating system improvements, if we want to defeat Zeus and others like it.”

He also claimed that he expected financial malware to start targeting MSRT to render it useless. “Zeus and other financial malware can accomplish this fairly easily since they have a distinct technical advantage over MSRT, as they are already running when MSRT starts scanning,” he said.

“This allows the Trojan to easily block MSRT from running altogether. Disabling MSRT will inflict even further damage, since it is effective at detecting and removing many other forms of malware.”

