Zbot evades most anti-virus programs

The banking trojan Zbot, which is one of today's most prevalent financially-motivated trojans, is not detected or removed by most anti-virus programs because of its ability to morph, according to a report issued by internet security firm Trusteer.

A study of 10,000 Zbot-infected computers conducted this month revealed that a majority were running an up-to-date AV program, Mickey Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com. 55 percent of Zbot-infected computers analysed were running up-to-date AV programs, 31 percent had no AV, and 14 percent had AV that was current, researchers at Trusteer found.

Even so, the company concluded that having an up-to-date AV product will only protect against Zbot 23 percent of the time. AV providers likely are having a tough time protecting users because the trojan has sophisticated morphing and rootkit mechanisms that allow it to penetrate deep into operating systems. Also, it protects itself from detection and removal, Boodaei said.

Zbot, also commonly known as Zeus, has been circulating since at least 2006, was most recently propagated through spam messages claiming to be a critical update for Microsoft Outlook. The information-stealing trojan aims to capture infected users' banking login credentials and send them back to the malware writers.  

No single AV engine was any better than another at protecting users from the trojan, Boodaei said.

“All the AV vendors have difficulties in detecting and removing Zeus," he said. "It's not limited to specific vendors."

See original article on scmagazineus.com