Microsoft's anti-Zeus tool cleans quarter-million PCs

Free program scrubs money-stealing bot from Windows computers

Microsoft said its free malware cleaning tool had scrubbed the money-stealing Zeus bot from nearly 275,000 Windows computers in under a week.

Zeus, also called Zbot, is a crimeware kit that lets criminals create customized malware that they can use to infect PCs. Hackers deploy Zeus to steal usernames, passwords and other information necessary to log in to online bank accounts. So-called "money mules" then withdraw money from the compromised accounts and wire the funds to the gang's organizers.

Friday, Fortinet reported that one Zeus gang had targeted Charles Schwab investment accounts , and was injecting a fake form into a legitimate session at the firm's site to collect personal information they could later use to confirm their illegal transactions.

Last Tuesday, Microsoft added Zeus/Zbot detection to its Malicious Software Removal Tool (MSRT), a free malware-removal program that the company updates each month and distributes alongside its Patch Tuesday security fixes. MSRT does not prevent attack code from getting on a Windows machines. Instead, it detects infected machines and then deletes the malware.

Since Tuesday, MSRT has removed 281,491 copies of Zeus from 274,873 PCs, Microsoft announced in a post to a company blog Sunday. Those numbers put the Zeus bot into the top spot on MSRT's hit list.

Zeus infections accounted for 20.4 per cent of all machine cleanings since last Tuesday, said Jeff Williams, the director of Microsoft's Malware Protection Center, in the blog post. "[That] ratio [is] higher than we typically see even when accounting for the normal, first-month spike which results from adding a new family," Williams said. "But not exceptionally so."

Zeus, which first appeared in 2007, made headlines late last month when authorities in the U.S., the U.K. and Ukraine arrested more than 100 members of a Zeus gang. The group stole an estimated $200 million from consumers and small businesses over a four-year span.

Users can manually download MSRT from Microsoft's site, or use Windows Update to retrieve and install the tool.

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags firewallsCybercrime and HackingFortinetMicrosoftsecurityfinanceMalware and Vulnerabilitiesindustry verticalsFinancial ServicesCharles Schwabnetwork security

More about Charles SchwabFortinetMicrosoftSchwab

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts