Microsoft tool unable to detect new versions of Zeus

Powered by SC Magazine
 

"A good first step".

Though Microsoft has added new protection capabilities to its Malicious Software Removal Tool (MSRT) to help organisations fight Zeus, its tool is ineffective at detecting the newest version of the insidious data-stealing malware, according to researchers at security firm Trusteer.

Last month, coinciding with the release of its monthly bundle of security fixes, Microsoft added Zeus detection and removal capabilities to the freely distributed MSRT.

But after testing the tool against hundreds of Zeus files, Trusteer researchers determined that it is able to detect and remove an old version of Zeus 46 percent of the time but is unable to protect against the latest version, Mickey Boodaei, CEO of Trusteer, told SCMagazineUS.com.

“What Microsoft did is a good first step, but in terms of effectiveness and sustainability against Zeus, we think there is a lot more work to do,” Boodaei said.

The most recent version of Zeus contains sophisticated capabilities to evade detection, Boodaei said.

Each time the data-stealing trojan is installed on a machine, its footprint changes, meaning all the filenames and registry keys associated with the malware are unique, he said. Even older versions of the malware contain less sophisticated capabilities that allow it to evade anti-virus detection most of the time.

“The good news is that MSRT has and will be able to kill approximately half of the Zeus population,” Boodaei wrote in a blog post. “This detection rate is very respectable since most anti-virus solutions, if not all, have a much lower detection rate.”

One week after adding the protection capabilities, Microsoft said the tool cleaned Zeus, also known as Zbot, 281,491 times from 274,873 computers, making it the most prevalent family of malware removed from machines.

However, according to Trusteer, the tool is not able to prevent Zeus-related fraud in a majority of cases because it does not operate in real time.

Financial fraud typically occurs within hours or days after a computer is infected with Zeus because sensitive information is immediately transmitted to criminals, Boodaei said. Attackers have a “window of opportunity” between the time a computer is infected with Zeus and the next MSRT scan to steal money from a victim's bank account.

“The fraudsters are very quick to act,” Boodaei said. “You get infected, they analyse your computer, the next time you go onto your bank account the fraud occurs.”

The computer security industry as a whole is lagging behind the Zeus authors, he added.

“We need to find more ways of removing the dependency on signatures and the need to know what Zeus looks like and how it behaves in order to block it,” he said. “That's the only way of successfully fighting Zeus in this dynamic world the fraudsters have created.”

A Microsoft spokesperson did not immediately respond to a request for comment.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Microsoft Outlook is now on iPhone and iPad: why could this be useful?
Jan 30, 2015
Microsoft today released Office for Android and Outlook for iOS - complementing the other Office ...
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3075

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 977

Vote