Reports Soar as Zeus’ Popularity Grows

The Zeus, or Zbot, trojan started spreading as early as 2006, but only recently has the malicious do-it-yourself software run rampant among mortals’ PCs, according to data released by Microsoft.

In an analysis posted on Thursday, the software giant found that the growth of Zeus — which the company refers to as Zbot — began accelerating last October until it peaked in January. Microsoft had seen less than 50,000 reports of Zeus trojans each month up until October 2009, when the trojan broke through that ceiling and, by January, had accounted for more than 200,000 reports.

In October 2009, the number of Zeus infections reported to Microsoft took off, rocketing from under 50,000 to more than 200,000 by January. (Source: Microsoft)

“If you have been infected by this malware — well, suffice it to say that you are not alone,” Microsoft’s Jireh Sanico wrote. “Our telemetry shows Win32/Zbot infections reported back by a number of our services have rocketed sky high as of late.”

Victims in the United States and the United Kingdom accounted for nearly 75 percent of the PCs compromised by Zeus, according to Microsoft’s data. The company classified the Zeus trojans reported to its researchers into four categories based on the name of the dropped executable and the configuration files that accompanied the program.

The Zeus trojan is behind a high number of online bank thefts, where a victim’s PC is used to transfer money from their account to the thieves or to the accounts of unwitting accomplices known as “money mules.”

Microsoft’s analysis came two days after a group of security professionals attempted to take down an Internet security provider in Kazakhstan that appears to host nearly a third of known Zeus botnet controllers. The takedown lasted less than 48 hours. By Thursday, the Zeus controllers were reappearing on the Internet, according to data from ZeusTracker.