Aussie ISPs still seeing users with Zeus infections


Staying power.

Variants of the Zeus banking trojan account for the majority of malware infections in Australia, despite concerted attempts to disable the threat, according to the Australian Communications and Media Authority (ACMA).

The ACMA said Zeus, a family of trojans that steals banking information through keylogging, is the most commonly detected threat on Australian IP addresses.

The authority runs the Australian Internet Security Initiative (AISI), which provides daily malware reports to 130 ISPs and network operators including the likes of AAPT, iiNet, AOL, Exetel, Optus, Vodafone and Telstra.

The Initiative generates about 16,500 daily reports of malware-infected IP addresses, which it sends to the ISPs to remediate.

The ISPs are expected to notify affected customers with advice on prevention and how to remove the infection. 

Each report is not necessarily a unique infection. The ACMA notes that a single infected machine on a dynamic IP address may be reported under several different IP addresses over a 24-hour period, so one infection can appear in the count more than once.
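As an added example (not code from the article, the ACMA or the AISI), the following Python shows how an ISP receiving a daily infected-IP feed might map each report back to a subscriber using its DHCP lease history, so that one infected host that changes dynamic address during the day is counted once rather than several times. The report and lease line formats, the subscriber identifiers, the IP addresses and the timestamps are all constructed for the example; the real AISI feed format is not described in the article.

```python
"""Map daily infected-IP reports to subscribers via DHCP lease history.

Both input formats below are constructed for this example and are not the
AISI's actual feed format.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample feed: <timestamp> <ip> <malware family>, one line per report.
REPORTS = """\
2013-04-02T01:15:00Z 203.0.113.10 zeus
2013-04-02T09:40:00Z 203.0.113.22 zeus
2013-04-02T11:00:00Z 203.0.113.99 zeus
2013-04-02T14:05:00Z 203.0.113.10 conficker
2013-04-02T22:30:00Z 203.0.113.35 zeus
"""

# Constructed sample DHCP lease history: <ip> <subscriber> <lease start> <lease end>.
# Subscriber sub-A moves through three addresses during the day; sub-B
# picks up 203.0.113.10 after sub-A releases it.
LEASES = """\
203.0.113.10 sub-A 2013-04-01T20:00:00Z 2013-04-02T08:00:00Z
203.0.113.22 sub-A 2013-04-02T08:00:00Z 2013-04-02T20:00:00Z
203.0.113.10 sub-B 2013-04-02T08:00:00Z 2013-04-03T08:00:00Z
203.0.113.35 sub-A 2013-04-02T20:00:00Z 2013-04-03T08:00:00Z
"""


def parse_ts(text):
    """Parse a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ into an aware datetime."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_reports(text):
    """Turn the constructed report feed into a list of dicts with ts, ip and family."""
    reports = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, family = line.split()
        reports.append({"ts": parse_ts(ts), "ip": ip, "family": family})
    return reports


def parse_leases(text):
    """Turn the constructed lease history into a list of dicts with ip, subscriber, start, end."""
    leases = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, subscriber, start, end = line.split()
        leases.append({"ip": ip, "subscriber": subscriber,
                       "start": parse_ts(start), "end": parse_ts(end)})
    return leases


def subscriber_for(ip, ts, leases):
    """Return the subscriber holding `ip` at `ts` (lease start inclusive, end exclusive), else None."""
    for lease in leases:
        if lease["ip"] == ip and lease["start"] <= ts < lease["end"]:
            return lease["subscriber"]
    return None


def correlate(reports, leases):
    """Group reports by (subscriber, malware family).

    Reports whose IP has no covering lease (static address, lease-log gap)
    are returned separately rather than silently dropped, so a human can
    still follow them up.
    """
    infections = defaultdict(list)
    unmatched = []
    for report in reports:
        subscriber = subscriber_for(report["ip"], report["ts"], leases)
        if subscriber is None:
            unmatched.append(report)
        else:
            infections[(subscriber, report["family"])].append(report)
    return dict(infections), unmatched


def summarize(reports_text, leases_text):
    """Return (raw report count, distinct subscriber infections, unmatched reports)."""
    reports = parse_reports(reports_text)
    infections, unmatched = correlate(reports, parse_leases(leases_text))
    return len(reports), len(infections), len(unmatched)


if __name__ == "__main__":
    raw, distinct, unmatched = summarize(REPORTS, LEASES)
    print(f"{raw} reports -> {distinct} distinct infections, {unmatched} unmatched")
    infections, _ = correlate(parse_reports(REPORTS), parse_leases(LEASES))
    for (subscriber, family), hits in sorted(infections.items()):
        ips = sorted({r["ip"] for r in hits})
        print(f"  {subscriber}: {family} from {len(hits)} report(s), IPs {ips}")
```

On the constructed data, five report lines collapse to two subscriber infections (sub-A with Zeus, seen under three addresses, and sub-B with Conficker), with one report left unmatched because no lease covers its address at that time. The lease lookup treats the lease end as exclusive so that an address handed over at a boundary is attributed to the new holder, not the old one.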

In addition, there are gaps in the source data that reflect problems capturing the threat data rather than any reduction in the threat at that point in time.

The AISI data is publicly available on a new ACMA webpage, which lists the top 20 types of infection reported over a rolling 90-day period.

ACMA's manager of eSecurity Bruce Matthews said the AISI typically provides the malware reports to smaller ISPs, but also works with larger network operators, some of which correlate the data reported by the AISI with their own.

Last March, a Microsoft-led effort to disable Zeus saw US Marshals raid and confiscate three command-and-control (C&C) servers and take down two key IP addresses in an attempt to dismantle hubs feeding instructions to computers infected with the trojan. Microsoft took control of 800 domains involved with the servers as a result.

The company later filed a civil suit against 39 people it alleged were involved in the operation of the botnet, naming two (already in jail on Zeus-related convictions), but was unable to identify the others. 

The global scheme used Zeus to steal $70 million from US bank accounts, according to the FBI. 

The source code to Zeus was leaked in 2011 after the Russian programmer who wrote Zeus announced his retirement. The programmer was rumoured to have handed the code to the owner of the similarly prevalent banking botnet SpyEye, and the two have been reported to be working together since that time.
