Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime

Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime

Summary: New report indicates that the combination of the ZeuS crimeware kit, and the tremendous increase of malicious PDFs seen in 2009, play a crucial role in the growth model of the cybercrime ecosystem.

TOPICS: Security

Symantec's recently released "Internet Security Threat Report trends for 2009" report, takes a deep dive into the world of cybercrime, by discussing some of the key driving forces behind its growth.

From the affordable price of the ubiquitous crimeware kit ZeuS, to the tremendous growth of malicious PDFs seen in 2009 based on the integration of Adobe flaws in popular malware kits , the report describes a cybercrime ecosystem whose entry barriers are becoming increasingly lower.

Key findings of the study:

  • In 2009, the United States had the most overall malicious activity, with 19 percent of the total; this is a decrease from 23 percent in 2008, when the United States also ranked first
  • The company observed 6,798,338 distinct bot-infected computers during this period; this is a 28 percent decrease from 2008
  • Symantec created 2,895,802 new malicious code signatures in 2009, a 71 percent increase over 2008
  • The top attacked vulnerability for 2009 was the Microsoft Windows "SMB2‘_Smb2ValidateproviderCallback()’ remote Code Execution Vulnerability"
  • Of all browsers Symantec analyzed in 2009, Safari had the longest window of (vulnerability) exposure with a 13-day average
  • Attack type "PDF Suspicious File Download" accounted for 49% of Web-based attacks for 2009. In comparison the use of malicious PDFs in 2008 was 11%.
  • Crimeware kits like Zeus make it easier for unskilled attackers to compromise computers and steal information

Although the report is attributing the growth of cybercrime to the right factors, there's one element of the cybercrime ecosystem that has more effect that the overall availability and affordable price of the ZeuS kit - the Cybercrime-as-a-Service (CaaS) market model.

What's more dangerous? The ever-decreasing price of the ZeuS crimeware kit, or the trending availability of Cybercrime-as-a-service propositions? Just how significant as a threat is the Zeus crimeware kit?

Not surprisingly, the company is contributing the growth of ZeuS crimeware generated malware -- in 2009, Symantec observed nearly 90,000 unique variants of binary files created by the Zeus toolkit -- to the combination of its affordable price, and the increasing number of people performing online banking activities.

The company is not alone in observing the growth and success of the ZeuS crimeware kit.

September, 2009's “Measuring the in-the-wild effectiveness of Antivirus against Zeus” report by Trusteer, indicated that "the effectiveness of an up to date anti virus against Zeus is thus not 100%, not 90%, not even 50% - it’s just 23%." meaning that cybercriminals have clearly started excelling into the practice of bypassing signature-based malware scanners.

APWG Phishing Activity Trends Report for Q3 of 2009, also pointed out that based on the 22,754,847 scanned computers 15.89 percent were infected with banker malware. Moreover, Trusteer's latest data shows that one in every 3,000 computers from the 5.5m hosts they monitor in the US and UK, is currently infected with ZeuS.

Combined with the new features in the latest version of ZeuS (code protection with hardware-based licensing system), the kit's authors are clearly interested in strengthening their position as market leader of crimeware activity online:

  • The new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.

It's clear that cybercriminals operate in an environment so comfortable, that it allows them to achieve their fraudulent objectives much easily than they used to a few years ago.

The keyword for ensuring that you don't become one of the millions of people infected with ZeuS or malware in general, is "situational awareness", next to the basic common sense tips for preventing a possible infection.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The keyword is: Alternatives

    [i]"The keyword for ensuring that you don't become one of the millions of people infected with ZeuS or malware in general, is 'situational awareness', next to the basic common sense tips for preventing a possible infection."[/i]



    Dancho is painting a story which concludes you must bear the responsibility for maintaining 'situational awareness' and common sense to avoid becoming infected.

    I am sorry Dancho. This should not be put on the user.

    It's just gotten so bad with Microsoft Windows that all manner of criminal activity is growing around it.

    It's time to say to your readership that they are not responsible for harmful product defects.

    And, if you really have your readership's best interests at heart, what you *should* be doing is pointing out to them that there are truly safe 'alternatives' to using Microsoft Windows.


    It has gotten so bad that recently it reached the <a href="">ComputerWorld</a> news that a CIO for a bank in Florida has begun offering Ubuntu on CD to his customers to do their on-line transactions.

    Folks, this is very serious and the Zero-Day authors need to come to terms with what they believe in.

    Your safety comes first.

    Dancho: be the first to step forward and say that there are 'alternatives'.

    It is the right thing to do.

    Ubuntu Linux: The safe choice.

    I stake my reputation on it.

    Dietrich T. Schmitz
    Linux Advocate
    Dietrich T. Schmitz, Linux Advocate
  • RE: Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime

    I want to put Linux on my laptop...
    (HP Pavillion dv5000, AMD Turion64, 1 gb ram, ATI Mobility Radeon Xpress 200 series, running 32 bit WinXP Pro SP3 but capable of 64 bit)

    But the Live Cds I have been playing with doesn't reconize hardly any of my drivers. Especially the built in Wireless adapter or the ATI Graphics. I have been all over HPs website, and no help there.

    If you know of a good Linux "Flavor" that would work great with my latop, I would love to try it.
    • Curious that you make no mention of which Distros you've tried

      Try Ubuntu.

      If you have issues, you can ping me at my site and I'll try to help you out.
      Dietrich T. Schmitz, Linux Advocate
    • Alternatives

      This may help:

      You could try Linux Mint -

      Gentoo seems to support it also, although Gentoo is not for the faint hearted (at least it wasn't a year or so ago)

      Good Luck !
      • I am suspicious the user makes no mention of which Distro

        I would NEVER recommend Gentoo to a new user.
        Dietrich T. Schmitz, Linux Advocate
    • If you are using a dv5000, then it is using a broadcom chipset

      In Ubuntu, simply go to System->Hardware->Hardware Drivers

      And select the Broadcom driver to activate.

      Otherwise, you are not specific enough as to which Distro(s) you tried.

      Your dv5000 should work fine with ATI and broadcom OOTB.
      Dietrich T. Schmitz, Linux Advocate
  • RE: Report: ZeuS crimeware kit, malicious PDFs drive growth of cybercrime

    Well done! Thank you very much for professional templates and community edition
    <a href="">sesli sohbet</a> <a href="">sesli chat</a>