Cloud and Data SecurityZeus Virus AKA Zbot – Malware of the Month, November 2019
The Zeus Virus, or Zbot, is a crafty and undetectable strain of malware that has been rather resilient and shown a strong ability to evolve since its first detection in 2007. For that reason, it’s our Malware of the Month for November, 2019.
By
Shyam Oza
3 minute read
When you’re named after the ancient Greek king of the gods, you’ve got a reputation to live up to. And our malware of the month — Zeus Virus, or commonly known as Zbot, Zeus Trojan, or simply Zeus Malware – doesn’t fall short. Over the past few months, we’ve profiled a few truly destructive malware types such as Kovter, Emotet, and Trickbot. Zeus though takes the cake, by cobbling together all of the crafty attributes in these malware types — stealthiness, undetectability and the ability to resiliently evolve.## What is the Zeus Virus, or Zbot?
Zeus Virus is a Trojan malware package that particularly targets Microsoft Windows. Trojan types of malware mislead users of its true intent, much like its namesake horse. Zeus made a king’s entry in 2007 attacking both top corporate houses and US government institutions with one swoop.
Since then, it has become one of the most damaging botnets in the world, thus popularizing the Zbot moniker. Amongst its notable attacks was a $70 million heist from hacked bank accounts causing the FBI to intervene. Even more worrisome is that it has reproduced hundreds of mal-variants that are based on its code. Even though cybersecurity experts heaved a sigh of relief when its creator purportedly “retired,” the Zeus malware mafia lives on.
How does Zeus work?
Zeus’ main vectors are mail spam, malicious social engineering and by inserting itself into legitimate product downloads, also known as drive-by downloads.
Once in the victim’s machine, Zeus Virus creates a hidden “backdoor” on the computer. Backdoor malware is especially dangerous as it allows the attacker to have full access and complete control over the machine, and consequently an entry-point into the company’s network. Zeus then proceeds to steal the victim’s data including personal details, application logins, and banking information. Or, its avatar Zbot inducts infected machines into a botnet — a network of other compromised machines controlled by a master hacker. This can lead to devastating wide-scale attacks that infect the entire network of the organization.## Tips to protect your organization from Zeus Malware
- Strengthen Authentication: Most malware attacks are the result of compromised and weak credentials. Two-Factor Authentication or Multi-Factor Authentication (MFA) are excellent gate-keepers, that prevent unauthorized access of applications. Make sure all your applications, including third-party ones, support and implement it.
- Create Anti-Phishing Policies – Microsoft 365 includes built-in features that protect your users from phishing attacks. Take advantage of the threat management tools in Microsoft 365 to set up anti-phishing policies and increase your protection status. You can even create custom policies for specific users, groups, or domains.
- Cybersecurity Training: Phishing and social engineering are Zeus’ key vectors, as is the case with most types of malware. Hence, an essential malware prevention best practice is to conduct regular org-wide cybersecurity training. Educate colleagues about the basics of good security hygiene, such as checking the sender’s email ID, and avoiding downloading attachments or clicking URLs from unknown sources and alerting support about emails with suspicious content.
- The Usual Protectors: Check that your anti-virus solutions are auto-updated, and that you have robust firewalls and network monitoring tools in place.
Malware attacks are on the rise. Ensure that your business, colleagues or customers are not held ransom to them, by backing up your data securely. Spanning Backup provides top-rated SaaS backup and recovery solutions for Microsoft 365, Google Workspace, and Salesforce. With Spanning’s accurate, real-time data backup that you can drastically limit the damage of malware attacks, and ensure business continuity by quickly recovering lost or corrupted data with a few clicks.
Learn How Spanning Protects Microsoft 365