Welcome to the new ZDNet! Give feedback or learn more about our updated design here. Or, return to the classic view.

Despite crackdown, Zeus bank-robbery malware still 'alive and kicking'

Microsoft's malicious software removal tool is disinfecting the Zeus malware (also called Zbot) from between 60,000 and over 100,000 unique Windows computers every month.

Despite a widespread industry effort to disrupt and shut down the Zeus malware gang, Microsoft's malicious software removal tool is still finding tens of thousands of machines infected with the notorious banker trojan every month.

According to Microsoft, the tool is disinfecting the Zeus malware (also called Zbot) from between 60,000 and over 100,000 unique Windows computers every month.  The disinfection utility is updated and released once a month on Patch Tuesday to clean Windows machines from the most prevalent malware threats.

follow Ryan Naraine on twitter

Here's the breakdown of MSRT Zeus disinfections for the last few months:

Month Count
March 103391
April 113814
May 60385
June 83555
July 61323
August 89994
"Yes, it's still around and kicking," says Microsoft's Matt McCormack.

"We're still seeing both distinct malware families out and about in the wild. Between the two, we're finding that they're responsible for a significant amount of the e-commerce-related fraud happening at any given time," McCormack added.

In August, Microsoft sneaked in a new definition signature for Zeus into the cleaning utility and discovered and removed about 90,000 Windows machines infected with Zeus.

According to abuse.ch's Zeus tracker, there are about 220 command and control servers online at any given time.  The site monitors the about 700 servers hosting the botnet.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All