Microsoft has issued an update to their Malicious Software Removal Tool (MSRT) to deal with the widespread Zeus trojan that has been preying on unsuspecting users, gaining access to bank accounts and other sensitive data. But instead of the accolades that normally accompany such updates, the company is being faced with customers and an industry that are asking, “What took so long?”
Zeus uses phishing emails and messages to gain access to a victim’s computer and subsequently spreads after creating botnets, or Zbots, that record data from the user’s keystrokes. And it’s not new by any means. In fact, though popularity spiked last year, the trojan has been plaguing internet users since 2007.
One of the major differences between Zeus and other malicious software is the ease with which cyber-thieves are able to acquire the tools necessary to make new, undetectable variants of it. For just a few thousand dollars, anyone could purchase a toolkit to deploy the bots that have netted some criminals millions of dollars. From July 2008 to July 2009, there were at least 70,330 unique variants of Zeus detected.
But while other corporations, like Symantec, have at least been trying to catch the numerous variants of Zbots for customers since at least 2008, Microsoft has waited until now to update their Malicious Software Removal Tool to help stop the spread of these infections.
As Woody Leonhard of InfoWorld has said, “Microsoft's been standing on the sidelines watching ... No interim attempts at detection. No stand-alone scanners. No partial solutions. Nothing.”
We asked Microsoft to issue a statement regarding the comments made by Leonhard. A reply was quickly sent to us from Jerry Bryant, Group Manager for Response Communications:
“Zeus, or Win32/Zbot, has been one of the top malware families in our telemetry for some time. As indicated in the latest version of our Security Intelligence Report (SIR v9, released Wednesday), Microsoft anti-malware products have cleaned Zbot from 238,441 computers in the first half of 2010 and is the 14th largest bot family in our list. Given the prevalence and impact of this malware, it has been a priority for us to add removal capabilities to the Malicious Software Removal Tool (MSRT).”
This indicates that Microsoft was taking some steps to eradicate Zbots, but still doesn't give a clear explanation as to why their Malicious Software Removal Tool, which has been available since 2005, was just now updated.
