Trusteer Predicts Financial Malware Attacks will Escalate Now that Zeus is Targeted by Microsoft

London, UK, 4th November 2010 - On October 12, Microsoft added detection and removal capabilities for the ZeuS financial malware (also known as Zbot and WSNPoem) to its Malicious Software Removal Tool (MSRT).

MSRT is meant to help prevent the infection and spread of the most prevalent forms of malware. With MSRT out in the field, Trusteer’s research organization decided to evaluate its effectiveness in detecting and removing ZeuS. Trusteer tested MSRT against hundreds of Zeus files and found that MSRT detects Zeus 2.0 about half (46%) of the time but is unable to detect the new 2.1 version of this financial Trojan. The good news is that MSRT has been or will be able to kill approximately half of the Zeus population. This detection rate is very respectable, since most antivirus solutions, if not all, have a much lower detection rate. However, this low detection rate also emphasizes how hard it is to remove Zeus.

Zeus also has a significant advantage over MSRT when it comes to committing fraud. Since MSRT does not operate in real time and only disinfects a machine when the tool is running, hackers have a golden window of opportunity between the time of a Zeus infection and the next scan by MSRT to siphon off money from the victim's bank account. Thousands of new computers are infected with Zeus every day, and are instantly analyzed by fraudsters. Trusteer has found, based on research conducted with more than 70 financial institutions over the past two years, that financial fraud usually occurs shortly after a computer is infected with Zeus because sensitive information is immediately transmitted back to the criminals. In the majority of cases, the ability of MSRT to prevent Zeus-related fraud and data loss will be minimal because the damage has already been done by the time it performs its scan.

“Microsoft’s decision to join the fight against financial malware is an important step. Winning the war against criminals requires the participation and cooperation of more software vendors and increased involvement by law enforcement agencies,” said Mickey Boodaei, Trusteer's CEO. “I hope Microsoft's efforts won't stop here since there is a lot more to be done. However, I believe that MSRT will actually serve to further shorten the time between a machine becoming infected and the time it is used to commit fraud. I also expect this will reduce the effectiveness of antivirus solutions, since they typically cannot detect a new variant until a few days after it is released.”

“I also won’t be surprised if some financial malware starts targeting MSRT to render it useless. Based on previous activity I have witnessed by financial malware developers, this is very likely. Zeus, and other financial malware, can accomplish this fairly easily since they have a distinct technical advantage over MSRT as they are already running when MSRT starts scanning. This allows the Trojan to easily block MSRT from running altogether. Disabling MSRT will inflict even further damage, since it is effective at detecting and removing many other forms of malware,” Boodaei added.

“Microsoft is working hard and making important contributions towards improving online security with MSRT and Microsoft Security Essentials. However, in the battle against Zeus, I believe Microsoft chose the wrong weapon. What’s needed are real-time, signature-independent solutions and more operating system improvements, if we want to defeat Zeus and others like it,” Boodaei concluded.

Trusteer, the world’s leading provider of secure browsing services, helps secure computers against Man in the Middle, Man in the Browser, and Phishing attacks. Trusteer is currently used by more than 70 leading financial organizations and enterprises in North America and Europe, and by more than 14 million end users to protect their online banking, shopping and other communication against sophisticated malware attacks and fraud. HSBC, Santander, The Royal Bank of Scotland, SunTrust, Fifth Third, ING DIRECT, and Bank of Montreal are just a few of the banks using Trusteer’s technology. Trusteer's service for enterprises prevents malware from accessing enterprise network resources and sensitive information through SSL-VPN connections and unmanaged devices. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper.

Source: Eskenzi PR Ltd.