Zeus is a type of malware that can infect your devices, use them as part of a botnet, and spy on your data. This malicious software often targets Windows users, but new variants are emerging which can also infect mobile operating systems.
Zeus, also known as Zbot, is a kind of malware, referred to as a trojan, which can secretly install itself on your device. Like most of the worst computer viruses, it can steal your data, empty your bank account, and launch more attacks. Once the infection has occurred and it's active on your computer, it will usually do one of two things.
It can add your device to a Zeus botnet; a network of infected devices that all answer to one command center. You might never realize that your device is being used in Zeus botnets, but hackers can leverage this army of compromised computers and smartphones to launch DDoS attacks on other targets.
Alternatively, the Zeus trojan can spy on you directly, stealing sensitive information from your device and feeding it back to a cybercriminal. Again, its presence on your device may be almost unnoticeable, so you might not realize you’re being targeted until it’s too late.
Zeus first appeared around 2007. Like many forms of malware the Zbot was initially used to steal banking information. However, in 2011, the source code was released to the public, allowing multiple new variants to be created. The original code has apparently been retired, but new generations of Zeus trojans are still active today.
ZeuS 188.8.131.52 (as it was originally known) comes in many forms. In fact, there are hundreds of documented versions of the ZeuS trojan, although most of them serve a similar function; a Zbot is meant to steal data and money, or build a botnet.
If it’s targeting your data, a Zeus trojan will usually attempt to gather the following:
In the case of botnet builders, the process will be less focused on stealing the specific data of a user. Instead, the device will be installed with hidden software, allowing it to be controlled remotely by the hacker.
At a later date, it can then be used, along with the rest of the botnet, to flood servers and online systems with artificially-inflated traffic. This can force websites offline and make networks inaccessible, in what’s known as a distributed denial of service (DDos) attack.
While the original Zeus malware is no longer active, there are numerous copycats that use the same or similar code. Here are just a few Zeus malware examples.
SpyEye. This is a particularly nasty malware that is thought to use code from the original Zeus virus. It usually targets your browser, recording your keystrokes until it manages to get the login credentials for your accounts. It can even initiate transactions while you’re logged into an online banking portal, sending funds directly to the hacker.
Gameover ZeuS. Originally created by Russian hackers, Gameover ZeuS focuses on conscripting devices into a botnet. What sets it apart from similar variants is its use of an encrypted peer-to-peer communication system, making it much harder for the authorities to track down whoever is operating it.
Ice IX. Another descendent of Zeus is Ice IX, a botnet system partially built on the code of the original malware. It’s a multifunctional tool, and can be used both to manipulate online financial transitions, and to launch botnet-driven attacks.
So what do we know about the history of Zeus? And where did it originate?
It was first identified in 2007, when it was used by hackers to target the United States Department of Transformation.
Who created the Zeus virus? Like all malware it’s impossible to say for sure where it originated, but some law enforcement agencies have claimed that it was created in Eastern Europe.
What we know for certain is that in 2011, the creator of the original Zbot made the malware code public — or had it leaked unintentionally — allowing it to spread faster than ever.
The creator may also have sold his original code to the criminals who invented SpyEye, although in 2013 the creator of SpyEye was arrested, and subsequently pleaded guilty to conspiracy to commit wire and bank fraud.
Zeus and its variants have been successfully used to target huge organizations like Amazon, Bank of America, and even NASA. At its height, the original Zeus virus was infecting several million devices a year.
While it’s been used very effectively against larger corporations and government bodies, it has also been deployed against individuals, roping the devices of unsuspecting internet users into botnets.
So how does the Zeus virus work? First, it needs to get onto your device, which it can do using one of two main tactics.
The malware can be installed through phishing emails. In this case, the hacker sends an email containing a link that will trigger the malware infection. They will try to convince the receiver to click the link, possibly by pretending to be a recognised sender like a bank or even a coworker.
Alternatively, the malware can be delivered through the code in a website; a method known as a drive-by download. The hacker might set up a fake website to do this, but they can also try to infiltrate real websites, turning them into malware distributors.
Once the infection has occurred, the malware can be operated remotely from the hacker’s command and control center.
One thing that makes the Zeus virus effective is how hard it is to tell if your device is infected. However, there are several indicators that you might be dealing with malware.
The best way to prevent Zeus attacks is to avoid malware infection. Here are three ways to do that.