Despite crackdown, Zeus bank-robbery malware still 'alive and kicking'

[nsane.forums]

Microsoft's malicious software removal tool is disinfecting the Zeus malware (also called Zbot) from between 60,000 and over 100,000 unique Windows computers every month.

Despite a widespread industry effort to disrupt and shut down the Zeus malware gang, Microsoft's malicious software removal tool is still finding tens of thousands of machines infected with the notorious banker trojan every month.

According to Microsoft, the tool is disinfecting the Zeus malware (also called Zbot) from between 60,000 and over 100,000 unique Windows computers every month.

The disinfection utility is updated and released once a month on Patch Tuesday to clean Windows machines from the most prevalent malware threats.

Here's the breakdown of MSRT Zeus disinfections for the last few months:

<table border="0"> <tbody> <tr> <td><span><strong>Month</strong></span></td> <td><span><strong>Count</strong></span></td> </tr> <tr> <td>March</td> <td>103391</td> </tr> <tr> <td>April</td> <td>113814</td> </tr> <tr> <td>May</td> <td>60385</td> </tr> <tr> <td>June</td> <td>83555</td> </tr> <tr> <td>July</td> <td>61323</td> </tr> <tr> <td>August</td> <td>89994</td> </tr> </tbody> </table>

"Yes, it's still around and kicking," says Microsoft's Matt McCormack.

"We're still seeing both distinct malware families out and about in the wild. Between the two, we're finding that they're responsible for a significant amount of the e-commerce-related fraud happening at any given time," McCormack added.

In August, Microsoft sneaked in a new definition signature for Zeus into the cleaning utility and discovered and removed about 90,000 Windows machines infected with Zeus.

According to abuse.ch's Zeus tracker, there are about 220 command and control servers online at any given time. The site monitors the about 700 servers hosting the botnet.

View: Original Article