Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Microsoft's anti-Zeus tool cleans quarter-million PCs

Free program scrubs money-stealing bot from Windows computers

Microsoft said its free malware cleaning tool had scrubbed the money-stealing Zeus bot from nearly 275,000 Windows computers in under a week.

Zeus, also called Zbot, is a crimeware kit that lets criminals create customized malware that they can use to infect PCs. Hackers deploy Zeus to steal usernames, passwords and other information necessary to log in to online bank accounts. So-called "money mules" then withdraw money from the compromised accounts and wire the funds to the gang's organizers.

Friday, Fortinet reported that one Zeus gang had targeted Charles Schwab investment accounts , and was injecting a fake form into a legitimate session at the firm's site to collect personal information they could later use to confirm their illegal transactions.

Last Tuesday, Microsoft added Zeus/Zbot detection to its Malicious Software Removal Tool (MSRT), a free malware-removal program that the company updates each month and distributes alongside its Patch Tuesday security fixes. MSRT does not prevent attack code from getting on a Windows machines. Instead, it detects infected machines and then deletes the malware.

Since Tuesday, MSRT has removed 281,491 copies of Zeus from 274,873 PCs, Microsoft announced in a post to a company blog Sunday. Those numbers put the Zeus bot into the top spot on MSRT's hit list.

Zeus infections accounted for 20.4 per cent of all machine cleanings since last Tuesday, said Jeff Williams, the director of Microsoft's Malware Protection Center, in the blog post. "[That] ratio [is] higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family," Williams said. "But not exceptionally so."

Zeus, which first appeared in 2007, made headlines late last month when authorities in the U.S., the U.K. and Ukraine arrested more than 100 members of a Zeus gang. The group stole an estimated $200 million from consumers and small businesses over a four-year span.

Users can manually download MSRT from Microsoft's site, or use Windows Update to retrieve and install the tool.

Read more about security in Computerworld's Security Topic Center.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Charles Schwab, Fortinet, Microsoft, Schwab
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Charles Schwab, Cybercrime and Hacking, finance, financial services, firewalls, Fortinet, industry verticals, Malware and Vulnerabilities, Microsoft, network security, security
Latest Blog Posts
Whitepapers
  • Reconciling Datacenter consolidation and security: It starts with an integrated approach
    There is no question that datacenter consolidation has gone mainstream. A recent IDG Research survey of IT managers found that three out of four organizations are in the midst of, or just completing, consolidation of multiple applications or systems onto a smaller number of servers. Improving performance and availability was the key driver of consolidation efforts for 85% of those surveyed.
    Learn more »
  • Leveraging the Service Catalog to Scale Your MSP Business
    When assessing an MSP’s maturity and prospects, one question provides more insights than any other: “What’s in your service catalog?” A well-defined service catalog can set the framework for growth. The lack of a service catalog can significantly impede an MSP’s ability to scale. This paper explores why the service catalog is so vital, and provides some practical guidelines MSPs can apply in order to ensure their service catalog provides maximum utility and benefit.
    Learn more »
  • Award-winning unified information security from Clearswift.
    Fully integrated web and email gateway security solution, providing - protection from inbound threats, policy based encryption, and data loss prevention.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments