Only weeks after Microsoft added anti-Zeus Trojan detection to its free Malicious Software Removal Tool (MSRT), it is unable to detect the latest versions, a rival security company has claimed.
The analysis by Trusteer is a depressing reminder that ordinary users face a battle to keep state-of-the-art Trojans such as Zeus (or Zbot or Wnspoem), which targets online bank accounts, off their PCs.
According to Trusteer, MSRT detected and removed Zeus version 2.0 about 46 per cent of the time in its tests, but failed to spot updated versions which are now circulating.
The company also thinks that such Zeus detection is seriously flawed because it relies on the user downloading and running a tool when it might already be too late - Zeus typically steals banking logins soon after infection.
Ironically, because MSRT's effectiveness is still superior to many antivirus products, it might cause criminals to up their game once again, shortening the infection-to-theft period and even attacking MSRT itself.
"I also won't be surprised if some financial malware starts targeting MSRT to render it useless," said Trusteer CEO, Mickey Boodaei. "Zeus, and other financial malware, can accomplish this fairly easily since they have a distinct technical advantage over MSRT as they are already running when MSRT starts scanning."
As valid as some of these observations might be, some context is necessary. Depending on when the test was conducted, it is not surprising that the MSRT does not detect the latest Zeus variants. The software is updated only once per month, which limits its scope compared to rival tools.
As to whether criminals might start trying to block MSRT, it's not clear that this would be easy to achieve. The same tactic was tried against antivirus programs with limited success. Vendors redesigned them to be hard to remove from memory.
Trusteer also markets a rival anti-Zeus approach with its free Rapport plug-in, which sets out to block it through the browser.
It is valid to call attention to its limitations, but as far as detecting malware on a machine of unkown condition, consumers don't have much out there to help them. Free, branded tools that come with clean-up are the exceptions.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.