The ubiquitous use of technology in our lives comes with many challenges and threats. One of the most pressing right now is cybercrime, whose rate is constantly increasing. According to Statista, in 2020 there were over 23 thousand incidents of cybercrime in Poland, which is an 88 percentage point increase compared to 2019. The most common data breaches involve hacking (45% worldwide), errors (22%), social attacks (22%), and malware (17%). In this article, we will focus on the last category, namely on a particular malware that goes by the name of the most powerful Greek god – Zeus.
Before we explain the details of Zeus, we first need to briefly go through what a Trojan horse actually is. The term also comes from Greek mythology and is very intuitive when you know the story behind it. Just as with the wooden horse in which Trojans hid in order to attack the city unnoticed, a digital Trojan horse intends to steal valuable data by misleading people about its true intent.
So what’s up with Zeus?
Zeus is a Trojan horse malware that first appeared around July 2007. It is believed that it was developed by a 22-year-old Russian hacker who went by the name “Slavic.” Despite his young age, no one should underestimate his coding skills. According to FBI and U.S. law enforcement data, Zeus attempted to steal over 220 million USD from personal and business bank accounts all over the world. Eventually, it managed to accrue only 70 million USD, which is still an enormous amount of money.
How did it work then?
With the intent of stealing sensitive data, especially financial data, Zeus can be introduced to a computer in two ways: a phishing campaign or a drive-by download. In 2007, public awareness of phishing was still low and the success rate of such campaigns was really high. They relied heavily on e-mails or text messages socially engineered to get the potential victim to click on a link that led to infecting the device with malware. As Zeus was intended mostly for various versions of Microsoft Windows, phishing in that case was based on e-mails. The second option, a drive-by download, relies on the victim downloading a file, for example from a website, without knowing that it is infected. In both cases, Zeus is profoundly hard to detect because it uses stealth techniques and mutates itself, similarly to biological viruses.
After infecting a device, Zeus closely monitors the websites that the victim visits and recognizes when the person is on a banking website. It can then steal the text the user fills into web forms, capture keystrokes, and take screenshots when the mouse is clicked. Zeus’s actions fall under the term man-in-the-browser (MitB) attack, where malware behaves as if there were another person in the room with the user, closely watching their actions.

Where is Zeus now?
Due to the Zeus code leak in 2011, its activity declined, and right now it is not perceived as a big threat to users’ financial data. With the rise of ransomware, Trojan horses were also pushed into the background of hacking and stopped being that common. However, we shouldn’t forget that there are still a lot of threats hiding in the shadows of the internet, and we should wisely assess the websites we visit and the data we provide.
References:
- Niebezpiecznik, Jak działa ZeuS?, 2012, www.niebezpiecznik.pl/post/jak-dziala-zeus/
- ZeuS, Darknet Diaries podcast
- Wikipedia, Zeus (malware), www.en.wikipedia.org/wiki/Zeus_(malware)
- Malwarebytes, The life and death of the ZeuS Trojan, 2021, www.blog.malwarebytes.com/101/2021/07/the-life-and-death-of-the-zeus-trojan/
- FBI, The Zeus Fraud Scheme, www.upload.wikimedia.org/wikipedia/commons/thumb/2/2d/FBI_Fraud_Scheme_Zeus_Trojan.jpg/800px-FBI_Fraud_Scheme_Zeus_Trojan.jpg