Linked by Thom Holwerda on Wed 20th Oct 2010 22:27 UTC
Privacy, Security, Encryption

A new version of the Zeus financial malware has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Just like commercial application developers, the creators of Zeus run an R&D program to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.
want to know more
by ozonehole on Wed 20th Oct 2010 23:52 UTC
ozonehole
Member since:
2006-01-07

This is an interesting topic, but unfortunately the linked article is pretty shallow. I would like to know more. Is this exclusively a Windows virus, or is it cross-platform? How is it spread? The article hints at it being browser based, but if so would NOT having Adobe Flash (the biggest cross-platform security risk) installed be sufficient to prevent infection?

As a Linux user, am I safe? If not, what would be a good strategy to prevent infection? Any tips on how to remove this virus, or is it hopeless (must reinstall the OS?).

I did some Googling to find answers, and there was surprisingly little. Lots of short articles all saying the same thing: "it's a nasty virus that is hard to detect".

Edited 2010-10-20 23:53 UTC

Reply Score: 4

Comment by Kasi
by Kasi on Thu 21st Oct 2010 03:42 UTC
RE: Comment by Kasi
by Sodki on Thu 21st Oct 2010 09:49 UTC in reply to "Comment by Kasi"
Sodki
Member since:
2005-11-10

"In Linux the best way to thwart this virus is to enter:"

Zeus only infects Windows systems, so Linux is safe.

"#mv -R / /dev/null"

mv doesn't have a -R option. Also this wouldn't work because you can't overwrite a file with a directory. Even if it worked, you would not lose any data, you would only lose the ability to send things to /dev/null (because it would no longer exist).

"#dd if=/dev/random of=/dev/sda"

This will erase your hard drive, so don't do it. Also, if you did want to erase your hard drive with random numbers, using /dev/random would not be a wise choice, because it would quickly empty the entropy pool and block, waiting for more. You should use /dev/urandom instead.

"By the time /dev/random generates enough randomness to clean your drive the virus will have achieved consciousness, grown tired with the poor pace of computer development and probably have decided to stop existing."

Zeus would create its own computers and enslave all mankind. It's less boring. :-)

Reply Score: 5

RE[2]: Comment by Kasi
by Phloptical on Thu 21st Oct 2010 22:38 UTC in reply to "RE: Comment by Kasi"
Phloptical
Member since:
2006-10-10

"In Linux the best way to thwart this virus is to enter:

Zeus only infects Windows systems, so Linux is safe.
"

....for now.

Reply Score: 2

purplemecha
Member since:
2010-05-27

Is this some kind of testing kit to test for security vulnerabilities or is this written by black hat crackers (hackers)?

Reply Score: 1

purplemecha
Member since:
2010-05-27

"Is this some kind of testing kit to test for security vulnerabilities or is this written by black hat crackers (hackers)?"

Never mind. I got around to reading the article and I see that it's the real deal.

Reply Score: 1

WTF?
by vodoomoth on Fri 22nd Oct 2010 08:02 UTC
vodoomoth
Member since:
2010-03-30

So now, malware makers are getting news items in which their latest "improvements" and clever "mechanisms" are being examined? And that Zeus thing even has a version number?

"As with any commercial application, software product maintenance and support are two of the more important reasons why users buy and use products, and Zeus has proven over the last three years that it does both very well for the cybercriminals."

I don't get it. Is that Zeus a product that its developers market? and provide support for? WTF with this twisted world?

Reply Score: 2