Timeline: Three years of Zeus terror

It was in 2007 that the Zeus Trojan was first spotted, and it has been causing carnage ever since. We take a look back at the Trojan's rise.

Zeus, aptly named after the King of the Gods in Greek mythology, is one of the most prevalent forms of malware found on the web.

This year in particular has seen various Trojan machinations causing chaos for companies across the globe, namely financial institutions.

So where did it all start and who has been hit by Zeus during its three-year reign of pain?

July 2007: The Zeus Trojan is widely believed to have been first spotted in July 2007, in an attack on the US Department of Transportation.

May 2008: Zeus abuse really ramped up in 2008. RSA Security found it was actually becoming easier for hackers to get hold of the malware, after Trojan infection kits had been made available to rent or purchase.

May 2009: A Zeus botnet managed to take out operating systems on 100,000 computers, in what was being called a "nuclear" attack. Swiss IT expert Roman Hussy reported on a Zeus command and control server sending out Kill Operating System commands designed to prevent an OS from loading.

November 2009: Finally some success was seen in taking down the hackers. The Metropolitan Police's Central e-Crime Unit made the first arrests in Europe around the use of Zeus, taking down a man and woman both 20 years old at the time.

April 2010: An RSA Security study showed that nine in ten Fortune 500 companies in the US had been potentially hit by Zeus-based attacks. By this point, Zeus was known to have compromised computers in 196 countries.

A Zeus 1.4 Trojan was identified in April as well, supporting two techniques: one being HTML injection, the other something called transaction tampering. These allowed the malware to get round even tough authentication and transaction signing solutions.

It was also the first time Zeus had been seen exploiting the Firefox browser, something it had been unable to do previously.

July 2010: At the start of the month two new Zeus botnets aimed at UK consumers were uncovered by Trusteer. They were only found on UK machines and were targeting UK-based banks solely. It was part of a worrying trend of Zeus-based attacks targeting the nation.

Trusteer was on the case later in July, revealing how a Zeus Trojan had been used in an attack, which produced replicas of the Verified by Visa and MasterCard SecureCode protection features in order to dupe US customers.

August 2010: August saw new versions of the infamous malware hitting the UK hard.

Firstly, Zeus was being used as part of the Mumba botnet, which had infected 55,000 computers and illicitly obtained more than 60GB of personal data.

Then Trusteer uncovered a Zeus v2 botnet, controlling more than 100,000 computers. Almost all of these systems were based in the UK and stolen data included online banking details and social network logins.

Later in the month hackers were revealed to be using Zeus v3 to steal 675,000 from a single UK bank. M86 Security discovered this version of Zeus was able to initiate transfers from within user accounts, handing funds directly to the cyber criminals.
