We wrote an article a long while back on the Zeus botnet. You can read it here.
However, with thousands of people recently getting infected with this botnet trojan, we felt an updated article was needed.
First off, there is no dedicated manual removal guide for this threat. For most threats we can download, install and test on several computers and develop a set manual guide to remove them.
Zeus V3 is slightly different. It has no set file structure and there seem to be many different variants of this threat.
What Is Zeus V3?
In its simplest form Zeus V3 is a keylogger. That means it can detect the keystrokes you type. The file contains a variant of Zeus Botnet, and it gets installed on the user's system. More recently, social networking websites such as Facebook and MySpace have also been targeted by variants of Zeus Botnet. These variants send messages to users of these social networking sites claiming that they need to download and install an 'update tool' to update their user profiles. This 'update tool' of course contains the variant of Zeus Botnet. See Botnets for a further description.
What does Zeus V3 Do?
In most cases it seems Zeus V3 will stay running behind the scenes. You will not notice it is installed. When you go to your bank's site, let's say Wells Fargo, Chase or Bank of America, it knows the website you are on, and because it is a banking site it sits there waiting for you to type in your user name and password. Once you do this, that information is sent to the Master (another computer that the Zeus bot is told to report back to). From there the person who has your logins can attempt to steal your money and drain the bank account.
Many banks in the US have added protections to help protect people against fraud. KeyBank, for instance, has a really nice setup. If you log in from a computer and enter your user name and password and a hacker gets that information, they do not necessarily have access to your account. Key has an extra layer of security in place to protect its users: they know your computer from the cookie that is on it. If the hacker attempts to log in from a different computer, Key detects this and the hacker then has to answer other secret questions in order to gain access to the account. This is a brilliant and simple security measure that all banks should have in place. While it's still VERY dangerous that someone has your login information, it will at least provide you a bit of time to realize you are infected with this threat.
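The cookie check described above can be sketched as follows. This is an added example, not KeyBank's code or anything from the original article; the signed-cookie format, the function names and the sample account are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the bank's server


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample account store: username -> (salt, password hash)
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, _hash_pw("correct horse", _SALT))}


def _tag(username: str, device_id: str) -> bytes:
    msg = f"{username}:{device_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_device_cookie(username: str) -> str:
    """Set on a browser only after the user has passed the secret questions."""
    device_id = secrets.token_hex(16)
    return f"{device_id}.{_tag(username, device_id).decode()}"


def device_is_known(username: str, cookie: Optional[str]) -> bool:
    """True only if the cookie was issued by this server for this user."""
    if not cookie or cookie.count(".") != 1:
        return False
    device_id, tag = cookie.split(".")
    return hmac.compare_digest(tag.encode(), _tag(username, device_id))


def login_decision(username: str, password: str, cookie: Optional[str]) -> str:
    """Return 'deny', 'challenge' (ask secret questions) or 'allow'."""
    record = USERS.get(username)
    if record is None:
        return "deny"
    salt, stored = record
    if not hmac.compare_digest(_hash_pw(password, salt), stored):
        return "deny"
    # Correct password from an unrecognised computer is not enough on its own.
    return "allow" if device_is_known(username, cookie) else "challenge"
```

The check only tells one computer from another: a correct password arriving without a valid cookie for that user gets the secret questions instead of the account.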
How to Protect Yourself
We have said it a thousand times on this website. Keep your software programs like your operating system and Java up to date. Have ACTIVE and updated security clients.
Millions of people out there believe they are protected because they have an antivirus client installed. If you did NOT pay for the security client then you could not BE MORE WRONG. You see, almost ALL free security clients out there, with the exception of maybe two, are simply stripped-down versions of the real thing. They offer NO upfront protection online. That means they do not stop a single virus from installing on your computer. They only kick in when they run the scan, and by that time it's often too late. It's kind of like going to war thinking "I don't need a helmet or bulletproof vest because if I get shot I will just have a doctor heal me." Too many people out there have a false sense of security when it comes to those free security clients, and that leads to big disasters.
We recommend Spyware Doctor with Antivirus or the Paid version of Malwarebytes. I personally like the Spyware Doctor with Antivirus client better because of the added features you get.
I also encourage people to use RoboForm. This program stores and keeps ALL your passwords. You use a master password to gain access to the rest of your passwords. This enables you to NEVER have to remember what the user name and password is for a site and you also NEVER have to manually type in that user name and password. This stops keyloggers from getting your personal login information. You can try the free demo here. It's better to fully see the program in action to get a sense of why it's so cool.
We also recommend you NEVER use a debit card online. Debit cards offer little protection against theft. Credit cards, however, have more fraud prevention methods, and in most cases the holder of the credit card is liable for nothing or for a very small fee of around $50. This sure beats someone draining 3,000 dollars from your bank account and you getting nothing back.
How to Remove Zeus V3 or See if You Are Infected
Most reputable security clients can fully detect and remove Zeus V3. To see if you are infected we recommend you download Spyware Doctor with Antivirus and run a full scan. Ensure you update the security client before you run the full scan. I would not rely on any free security program to detect or remove this threat, and definitely not to protect my computer from it. While Spyware Doctor with Antivirus does cost money to remove threats found, it will still offer a free 30 days of protection and will be able to tell you 100% for free if you are infected with this threat. If you have a different security client that is a paid-for version you should also be OK. However, free software programs, as already stated in this guide, do not offer active protection in most cases. AVG is among those that do not offer active protection against threats in the free version.