The Zeus virus has tormented computer users for a whole decade since it first appeared in 2007. Starting out as a Trojan horse, this malware was transformed many times, taking various forms, such as a botnet or an infostealer. Now in 2017, it has reappeared again after a few months of absence. Read this article to find out what has changed for the latest variant of this malware.
Zeus Virus – What Is Its Distribution?
As mentioned above, redirects and advertisements could serve as a form for an entry-level infection with the Zeus virus. More methods include a forgery of an official e-mail that is from your boss, a post service or a successful transfer of money involving your bank account. Some of these methods are still used for the distribution of Zeus till today. The following link loads an article that shows how to Remove Zeus Trojan virus on your PC, plus other, more technical information about the malware.
Zeus Virus – What Are Its Origins?
Before seeing what are the new things surrounding the Zeus virus, you should first familiarize yourself with its origin. Zeus makes its first appearance back in 2007, which is 10 years before the current variant. Back then, its original name was ZeuS and it started out as a Trojan horse. By clicking on a simple advertisement or a link, this piece of malware could be injected into the computer of an unsuspecting victim. Afterward, the virus would mimic the appearance of a Web page, or forge a whole website, so it could steal credential data, such as banking logins and other, valuable information.
People would see a login page that they are used to, with the same design and just enter their account name and password, without noticing small changes, such as the different URL of the page. Back then Zeus stole data from the United States Department of Transportation.
Zeus Virus – What Is New In 2017?
2017 marked a new beginning for the Zeus virus. A variant called “Chthonic”, which is based on the code of Zeus, has been detected to be active by malware researchers. Computers on a world wide scale have been infected by that very same variant since 2014.
An even bigger attack is expected to be revealed this time, as the RIG exploit kit is being used for the distribution of Chthonic. According to malware researchers, 302 redirects are being used for the attack. If you happen to initiate a redirect, your browser might not go through all of the redirects, it might be just one or two pages, but you will always find yourself on a landing page. On that page, a certain script will be activated to try and exploit vulnerabilities found in Flash. In case an exploit is successful, a payload file containing the Zeus variant will be downloaded onto your computer.
Once downloaded onto your PC, the Zeus variant called Chthonic can serve the purpose of a Trojan horse and steal information. That scenario has been played out already by an older version of the virus, last year. However, the new features here include a more aggressive way for distribution and infection, changes in the code to be less detectable by AV vendors and several others. What is more frightening is that the Trojan could be the first step toward infecting your computer machine with a ransomware virus. This tactic has already been tested and used by malware developers, so you should be careful around suspicious e-mails and links.
In January, 2017 another variant of Zeus was detected, which put legitimate applications inside its package making it even harder to get detected by security programs. The name for that variant is “Zbot” or “Zloader”, but its attacks have subsided since it was discovered.
All of that activity, even ten years since the first release of ZeuS, proves that the Trojan horse virus just keeps evolving and equipping itself with nastier features. Just the fact, that some builds written with the code of Zeus sell like hot bread on the black market for up to 17,000 dollars, is quite worrisome. Maybe the Golden Age of the Zeus virus has passed or maybe not?