Zeus is a malware application that is aimed primarily at stealing your on-line banking details. It is one of the most widespread malware applications available today. There is even a Zeus Builder Toolkit which allows cyber criminals to customize Zeus to provide any functions they want.
Zeus Botnet normally reaches a user’s system via spam emails that are apparently from legitimate websites. These emails contain links to malicious websites which will ask the user for their credentials and also tell them to download a particular file. Of course, the file contains a variant of Zeus Botnet. Recently, social networking websites such as Facebook and MySpace have also been targeted by variants of Zeus Botnet. These variants send messages to users of these social networking sites claiming that they need to download and install an ‘update tool’ to update their user profiles. This ‘update tool’ of course contains the variant of Zeus Botnet.
Once installed, Zeus waits until the user connects to the Internet and downloads a configuration file which contains a list of web banking websites to get the user’s information for. Whenever the user visits a website on the list, Zeus Botnet will initiate a key logger function and save all the keystrokes of the user. Zeus also has an agent in the web browser which may also inject false fields into web forms which the user will unknowingly fill, thereby submitting even more personal information to the developer of that Zeus variant. Zeus Botnet periodically sends the information it has gathered to the malware developer.
What makes this worse, is that many anti-virus and anti-malware applications do not detect the Zeus Botnet. Check your computer for a folder with the name WSNPOEM, as this is a common sign of infection for the ZEUS Trojan.