The Zeus Botnet

In Greek mythology he was the king of the gods; in modern times his name is still borrowed in many ways. One of them is a piece of malware named after him: the Zeus botnet, or Zbot for short. This infection has definitely earned its name, as it will prove to you that it is not playing around. When and if you deal with it, be prepared for a fight: it is one of the more difficult infections to remove, and there are not many removal methods available. Microsoft did update its Malicious Software Removal Tool to remove several variants of the original Zeus infections, but they have not released anything recently for the newer versions.

The Zeus botnet is designed primarily to steal your hard-earned cash, using two techniques: man-in-the-browser keystroke logging and form grabbing. The malware hooks the browser process itself, so it reads what you type into a web form before the browser encrypts it, which is why HTTPS does nothing to stop it. Depending on how the operator configures the kit (which has reportedly sold on underground markets for up to $15,000), it can steal account credentials for Facebook, webmail, and banking sites, to name a few. Some banks detect the infection on the customer's end and will refuse to let you log in. At least that's how it happened to one of our clients: the bank alerted them to the infection before any harm was done.
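To make the two mechanisms above concrete, here is an added illustration in Python (it is not Zeus code and not from the original post). A toy browser runs "submit hooks" on the plaintext form data before a stand-in for TLS encrypts it, which is exactly where a man-in-the-browser form grabber sits; a "page hook" models a webinject that adds an extra "ATM PIN" box to the login form; and a toy bank server applies one cheap heuristic that real banks use, flagging any submitted field name that the genuine form never had. The field names, URL, session key and the XOR keystream "cipher" are all constructed for the example.

```python
"""Illustration of man-in-the-browser form grabbing and webinjects, with one
server-side detection heuristic. Not Zeus code; all names and data are constructed."""
import hashlib
import hmac
import json
from typing import Callable, Dict, List

Fields = Dict[str, str]
Hook = Callable[[str, Fields], None]

# Field names of the bank's genuine login form (constructed example data).
LOGIN_FORM_FIELDS = {"username", "password", "csrf_token"}


def toy_keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for TLS record encryption: XOR with an HMAC-SHA256 keystream.
    NOT a real cipher; it only shows that the wire bytes are not the plaintext.
    XOR is its own inverse, so the same call decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(b ^ k for b, k in zip(data, stream))


class Browser:
    """Toy browser. submit() runs submit hooks on the plaintext form data,
    i.e. after the user typed it and before the TLS layer encrypts it."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.submit_hooks: List[Hook] = []          # where a form grabber hooks in
        self.page_hooks: List[Callable[[Fields], None]] = []  # where a webinject hooks in

    def render_form(self, fields: Fields) -> Fields:
        # A webinject rewrites the page before the user sees it.
        for hook in self.page_hooks:
            hook(fields)
        return fields

    def submit(self, url: str, fields: Fields) -> bytes:
        # A form grabber sees every field in the clear, regardless of HTTPS.
        for hook in self.submit_hooks:
            hook(url, dict(fields))
        body = json.dumps(fields, sort_keys=True).encode()
        return toy_keystream_encrypt(self.session_key, body)


class FormGrabber:
    """Models the grabber: keeps a plaintext copy of every submission, keyed by URL."""

    def __init__(self) -> None:
        self.stolen: List[Dict] = []

    def __call__(self, url: str, fields: Fields) -> None:
        self.stolen.append({"url": url, "fields": fields})


def webinject_add_pin(fields: Fields) -> None:
    """Constructed webinject: asks the victim for a secret the bank never requests."""
    fields["atm_pin"] = ""


def bank_receive(session_key: bytes, wire: bytes) -> Dict:
    """Bank side: decrypt, parse, and flag field names the genuine form never had."""
    fields = json.loads(toy_keystream_encrypt(session_key, wire))
    unexpected = sorted(set(fields) - LOGIN_FORM_FIELDS)
    return {
        "fields": fields,
        "unexpected_fields": unexpected,
        "verdict": "block_and_alert" if unexpected else "allow",
    }


def simulate(infected: bool) -> Dict:
    """Run one login through a clean or an infected browser and report what
    the grabber captured, what crossed the wire, and what the bank decided."""
    key = hashlib.sha256(b"constructed session key").digest()
    browser = Browser(key)
    grabber = FormGrabber()
    if infected:
        browser.submit_hooks.append(grabber)
        browser.page_hooks.append(webinject_add_pin)

    form = browser.render_form({"username": "", "password": "", "csrf_token": "t0k3n"})
    form["username"], form["password"] = "alice", "hunter2"
    if "atm_pin" in form:
        form["atm_pin"] = "1234"  # the victim fills in the injected box
    wire = browser.submit("https://bank.example/login", form)
    return {
        "stolen": grabber.stolen,
        "wire_contains_password": b"hunter2" in wire,
        "server": bank_receive(key, wire),
    }


if __name__ == "__main__":
    print(json.dumps(simulate(infected=True), indent=2))
```

The point of the simulation is the order of operations: the grabber's copy is taken before encryption, so nothing on the wire helps the victim, while the bank can still notice the session because the webinject made the browser send a parameter (`atm_pin`) that the genuine form does not have. Real banks combine this kind of parameter check with many other signals; a single unexpected field is a useful alert, not proof by itself.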

Once we had this information we started looking for a way to clean the infection. Unfortunately, as many people have found, there is no easy way to remove it. The newer versions of the malware also pull in additional malware, which drags the system to a halt and eventually crashes it if left untreated. One of the only tools that could remove it was Anvi Smart Defender. However, on the systems affected by Zeus, Anvi's scans took a very long time (these were very old machines), and after every scan we ran the infection seemed to get worse. Malwarebytes scans came back clean, but Anvi's did not: it kept finding infections, and other software found the same infections but was unable to remove them.

Moral of the story: [ensure you have good backups]. Not every infection can be resolved with A/V software alone, and once a machine has been under an attacker's control, wiping it and restoring from a known-good backup is usually faster and more reliable than trying to clean it in place.

