Manchester pair arrested over ZBot Trojan
Posted on 19 Nov 2009 at 17:41
On 3 November, officers from the Metropolitan Police's Central e-Crime Unit (PCeU), assisted by Greater Manchester Police, arrested a man and woman, both aged 20 years, in Manchester for offences under the 1990 Computer Misuse Act and the 2006 Fraud Act.
The charges relate to the ZeuS or Zbot Trojan horse, although a press release from the Metropolitan Police does not go into detail about what the pair's role was in the creation, use and dissemination of the Trojan, its variants and its associated botnet.
Detective Inspector Colin Wetherill of the PCeU said: "The ZeuS Trojan is a piece of malware used increasingly by criminals to obtain huge quantities of sensitive information from thousands of compromised computers around the world. The arrests represent a considerable breakthrough in our increasing efforts to combat online criminality."
The release mentions that ZeuS is being used increasingly by cyber-criminals worldwide - not simply those involved in this case. The Zbot family of malware consists of password stealers that target internet banking details. Microsoft's Protection Center information also notes that Zbot has limited backdoor functionality that allows unauthorized access and control of an affected machine.
Like most modern malware, it's a product of the underground "shadow economy", where programmers sell malicious software through middlemen to fraudsters who wish to, for example, steal online banking details for a specific UK bank. A middleman will also arrange the distribution of this malware, often customised for the individual client's requirements, by renting space on a botnet. Botnets usually consist of infected home computers belonging to ordinary people. The processor power and network connections of these systems can be exploited to send out spam emails or Trojan attacks.
According to statistics released this month by Sunbelt Labs, Zbot variants were the most prevalent malware threat in October, accounting for 8.48% of all detected threats. Currently, Zbot variants are primarily proliferating via spam email, but our own malware tests have detected other infection vectors, including drive-by downloads (where a malicious program is surreptitiously installed by a compromised web page that exploits vulnerabilities in your browser).
Zbot is notoriously hard to get rid of once on a system, thanks to its ability to hide its files and surreptitiously download additional software modules. To protect your system against Zbot and other malicious software, you should keep Windows and third-party software like browsers, your Java Runtime Environment and Adobe Flash and Reader up to date, as well as installing at least basic free malware protection such as that provided by Microsoft Security Essentials, Avast! Home Edition or AVG Free.
Author: Kat Orphanides

