A new version of the Zeus financial malware has added sophisticated new mechanisms to commit online fraud and remain the Trojan of choice for criminals. Zeus has not only improved its business logic but also its ability to avoid detection and automatic analysis by antivirus vendors. Just like commercial application developers, the creators of Zeus run an R&D program to ensure it can avoid detection and side-step the growing number of IT security mechanisms designed to detect, block and eliminate it.
This is an interesting topic, but unfortunately the linked article is pretty shallow. I would like to know more. Is this exclusively a Windows virus, or is it cross-platform? How is it spread? The article hints at it being browser based, but if so would NOT having Adobe Flash (the biggest cross-platform security risk) installed be sufficient to prevent infection?
As a Linux user, am I safe? If not, what would be a good strategy to prevent infection? Any tips on how to remove this virus, or is it hopeless (must reinstall the OS?).
I did some Googling to find answers, and there was surprisingly little. Lots of short articles all saying the same thing: “it’s a nasty virus that is hard to detect”.
Edited 2010-10-20 23:53 UTC
In linux the best way to thwart this virus is to enter:
#mv -R / /dev/null
then
#dd if=/dev/random of=/dev/sda
by the time /dev/random generates enough randomness to clean your drive the virus will have achieved consciousness, grown tired with the poor pace of computer development and probably have decided to stop existing.
Edited 2010-10-21 03:43 UTC
Zeus only infects Windows systems, so Linux is safe.
mv doesn’t have a -R option. Also this wouldn’t work because you can’t overwrite a file with a directory. Even if it worked, you would not lose any data, you would only lose the ability to send things to /dev/null (because it would no longer exist).
This will erase your hard drive, so don’t do it. Also, if you did want to erase your hard drive with random numbers, using /dev/random would not be a wise choice, because it would quickly empty the entropy pool and block, waiting for more. You should use /dev/urandom instead.
Zeus would create its own computers and enslave all mankind. It’s less boring.
…for now.
Is this some kind of testing kit to test for security vulnerabilities or is this written by black hat crackers (hackers?).
Never mind. I got around to reading the article and I see that it’s the real deal.
So now, malware makers are getting news items in which their latest “improvements” and clever “mechanisms” are being examined? And that Zeus thing even has a version number?
I don’t get it. Is that Zeus a product that its developers market and provide support for? WTF with this twisted world?