Microsoft moves to nuke Zeus ID-theft malware

Microsoft moves to nuke Zeus ID-theft malware

Summary: Microsoft has added Zeus disinfection instructions onto its malicious software removal tool (MSRT), a move the company hopes will disable the botnet of infected WIndows machines.

SHARE:
12

On the heels of a spate of arrests and law enforcement crackdown on the notorious Zeus identity-theft gang, Microsoft is moving swiftly to nuke the Zeus trojan from Windows computers.

The company has added Zeus disinfection instructions onto its malicious software removal tool (MSRT), a move the company hopes will disable the botnet of infected WIndows machines.

The free tool, which is updated and released on the second Tuesday of each month, scans checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software.follow Ryan Naraine on twitter

According to Microsoft's Matt McCormack, underground forums are teeming with questions ranging from the very basics about configuring the Zeus malware to people boasting about the size of their botnets.  "Even the botnet controllers are themselves quite varied, from apparent hobbyists to those that likely have more nefarious intent," he explained

This family is quite prolific even if the intent behind some of the botnets is unclear.  That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are. Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.

In the past, Microsoft has used the MSRT utility to disable the Storm botnet and to remove major worms like Sasser and Blaster.

Brian Krebs is reporting that Zeus botnet activity is already on the wane (see image above).

Topics: Microsoft, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Good try, but

    I don't think it will work 100%. This makes the assumption that WU is turned on. For those with legit installations and do have WU on, it will work.

    But I have a feeling this infection will remain prevalent despite Microsoft attacking back.
    The one and only, Cylon Centurion
    • RE: Microsoft moves to nuke Zeus ID-theft malware

      @Cylon Centurion 0005
      Those whose copies are not legit deserves whatever they git!
      eargasm
      • That and I forgot to mention

        @windozefreak <br><br>There are also some paranoid dip**** admins out there who think that by turning off WU, even on legit installs, is somehow doing the end user a favor. Those people aren't getting this as well.
        The one and only, Cylon Centurion
      • RE: Microsoft moves to nuke Zeus ID-theft malware

        @windozefreak The problem there is that a lot of people with illegitimate copies probably believe that their copy was legitimate, or might not have been able to find a place to get a legitimate copy. Also, every infected/hacked/etc. person runs a risk of infecting other people, so getting these people cleaned up is important to everybody.
        Third of Five
    • RE: Microsoft moves to nuke Zeus ID-theft malware

      @Cylon Centurion 0005
      Still, they deserve kudos for the additional effort.
      Unfortunately these scoundrels will always look for new ways to attack.
      Viva la crank dodo
    • RE: Microsoft moves to nuke Zeus ID-theft malware

      Believe you will need!!!!!!

      is a very good!

      come HTTP://0845/4PC
      lincc324
  • RE: Microsoft moves to nuke Zeus ID-theft malware

    In response to those who believe that the non-legit users "deserve what they git [sic]", I would remind everyone that this is like saying that people who drive stolen cars [not that I condone stealing!] should not be able to get basic vehicle repairs and annual inspections. Would we all rather drive along side others whose cars are in unsafe condition? Of course not! That would be crazy, right? The idea also applies to non-legit Windows copies; they are all on the same "information super-highway" that the legit users use. It is much better that we patch ALL copies of Windows, legit or not, for the safety of the whole Internet!
    karl0318
    • RE: Microsoft moves to nuke Zeus ID-theft malware

      @karl0318@...
      They are criminals they have stolen something that they didnt pay for and your excuse/example is just plain old bullshit.
      Stan57
    • RE: Microsoft moves to nuke Zeus ID-theft malware

      @karl0318@... your wrong. Those with stolen copies of windows do not deserve all the same benefits. Ms has had enough offers and promotions for people to get legitimate copies by now.
      Jimster480
  • RE: Microsoft moves to nuke Zeus ID-theft malware

    Sorry for the double post! I only wanted to change an analogy to a better one.
    In response to those who believe that the non-legit users "deserve what they git [sic]", I would remind everyone that this is like saying that people who drive unregistered cars should not be able to get basic vehicle repairs and annual inspections. Would we all rather drive along side others whose cars are in unsafe condition? Of course not! That would be crazy, right? The idea also applies to non-legit Windows copies; they are all on the same "information super-highway" that the legit users use. It is much better that we patch ALL copies of Windows, legit or not, for the safety of the whole Internet!
    karl0318
    • ALL Windows copies ARE patched

      @karl0318@...

      Microsoft announced a while back that legit or not, WU will install security updates, but like I have said before there are users who will turn it off, whether deliberately or by paranoid idiot admins giving out bad advice.
      The one and only, Cylon Centurion
  • Hey

    Just use common sense online and get some good protection and you'll be OK:

    http://TechReview.LIEconomy.com
    ALISON SMOCK