Friday, April 16, 2010

Almost all Fortune 500 companies show Zeus botnet activity

From Ars Technica ...
Up to 88% of Fortune 500 companies may have been affected by the Zeus trojan, according to research by RSA's FraudAction Anti-Trojan division, part of EMC. The trojan installs keystroke loggers to steal login credentials to banking, social networking, and e-mail accounts.

The botnet was first identified in 2007 and is still around today. The malware tends to be difficult to detect and remove, and several million machines worldwide are believed to be infected. The Zeus server-side components, used to collect the stolen data, surprisingly mimic techniques more commonly seen in the world of commercial software; the software is licensed (with fees ranging from several hundred to a few thousand dollars), and each installation is tied to the hardware it's installed on in a system reminiscent of Microsoft's software activation. The malware itself predominantly attacks Windows XP machines, though Windows Vista and Windows 7 variants are available for sale too.
Read the full article here.


Eric H said...

I wish that there were some way to ensure that data you give to a company stays safe. As we have learned in class, information is valuable so companies try to aggregate as much data as possible about customers.

Unfortunately companies don't seem to always keep data safe. If employees of these large companies infect their home computers and have their bank account emptied that would be one thing; however, they have managed to infect their work computers which probably have access to huge amounts of data about customers. The percentage of Fortune 500 companies that are infected by this one trojan indicates the lack of safety for personal information. I think that there should be strict legal penalties for companies that aggregate data and lose it.

Allison Rosburg said...

This article only proves how prevalent cyber crimes have become. For many cyber crimes there is little to no risk involved; however, the benefits can be endless. Unfortunately, I don't believe this article is saying that the companies are dropping the ball, but rather even these companies who secure their information are susceptible to cyber attacks.
Now even the criminals who are installing the malware on computers are being hacked into. This means that now cyber warfare is open to a whole new group of people that don't have to know how to infect a computer with malware, but instead just exploit the work of other hackers. Cyber crime is getting out of control now that those that are doing the hacking are also being hacked. Cyber crime is making it so that no information is secure and no one can have absolute control over what they consider to be their information.

Nick Geary said...

Trojans and malware are really something scary. Just this one Zeus Trojan has been around for 3 years and is still infecting computers and taking information and data from people and companies. These criminals are taking banking, social networking and email accounts. All this information is going into the hands of the wrong people.

Another point that caught my eye in this article is how smaller companies are easier to take advantage of. The smaller companies do not have as much protection. These trojans are getting stronger, harder to detect and they are only going to become worse from here on. It is important for better protection software to make its way into the market so that companies can protect themselves and their customers.

If my personal data was taken from a company and exploited I do not think that I would blame the company, even though I would expect compensation. I believe that technology will get better but the threat of an attack will always be there.

Andy M said...

The economic impact of cyber crimes has become increasingly profound in the last couple of years, with the increasing liquidity of funds due to the advent of internet based banking allowing for subtler methods of burglary across a wider range of targets. Today, according to FDIC numbers found in John Leyden’s article on, businesses lost $120m in the third quarter of 2009 to phishing and Trojan-based online banking scams ( While these are not the most prevalent, they seem the most insidious due to their deadly mix of attributes. First, they are easily spreadable. Building a bot-net is not a particularly difficult thing for a novice hacker to do, as we learned in class. Second, they require little interaction to acquire and are therefore hard to diagnose, thus allowing them to exploit a system for an extended period of time before the user is even aware of the intrusion. Finally, the use of key-loggers and sophisticated Trojans seems particularly threatening because personal systems without powerful antivirus/detection software or the oversight of an IT department leave everyday internet users at a distinctly increased risk. These bot-nets and phishing scams are designed to cast a wide net, and while corporations provide a juicy target, the inferior defenses of the smaller Corporations have to deal with the problem of data theft on an institutional level, allowing them to make profit-based value judgements on the efficacy and logistical viability of a variety of preventative methods. Small businesses and individuals, however, are much less equipped to handle not only prevention/discovery/removal, but also the economic impact of a major theft, whether it be monetary or data/intellectual property. Small businesses accounted for $25 million of the lost income in the Third Quarter ’09 (Leyden, 2010). 
So while the alarming rate of infection among Fortune 500 companies is frightening at first glance, personally I feel the far more menacing threat is posed against small businesses and individuals.

Jessica hardy said...

I found a few things interesting about this article. Firstly, 88% of Fortune 500 companies is an astounding number and only shows how even the most financially stable and influential companies are naive to cyber attack. In our capitalist society, so many companies are so strung up on making a profit that they forget that security, privacy, and loss of intellectual property could have astounding effects on the future of their business. It all seems like a sort of karma that many large businesses' employees are starting to be attacked, considering the fact that many of these companies track data of customers without them knowing it. Now they are almost getting a taste of their own medicine because now a force outside of them is able to gather information about them that they would possibly want to conceal. Even though the largest companies are better at concealing their information, they are also the ones with more to lose and could have intellectual property that is more important than the smaller companies.
I also thought it was interesting that even the Zeus malware has been subject to malware and cyber impostors so they themselves have also been subject to a type of internet karma. It's almost like there is a circle of unwarranted information sharing. Information is stolen from consumers by big business, which is then stolen by Zeus Malware, which then gets stolen from other cyber hackers. Hopefully these cyber hackers are consumers so we can bring the whole circle together. Or maybe the only way that we will know the extent of information about big businesses in an internet economy is to have hackers that provide more transparency to keep big businesses in check. If big businesses are afraid that the information they keep on individuals will be exploited, then maybe they will be less likely to hold onto private consumer information.