Zeus, also known as Zbot, is a malware toolkit that allows a cybercriminal to build his own Trojan Horse. On the Internet, a Trojan Horse is programming that appears to be legitimate but actually hides an attack. Zeus, which is sold on the black market, allows non-programmers to purchase the technology they need to carry out cybercrimes. According to a 2010 report from SecureWorks, the basic Zeus package starts at about $3,000. Additional modules, which can cost as much as $10,000, are available for specific tasks.
Once a Zeus Trojan infects a machine, it remains dormant until the end user visits a Web page with a form to fill out. One of the toolkit's most powerful features is that it allows criminals to add fields to forms at the browser level. This means that instead of directing the end user to a counterfeit website, the user would see the legitimate website but might be asked to fill in an additional blank with specific information for "security reasons."
Zeus gained notoriety in 2006 as being the tool of choice for criminals stealing online banking credentials. The malware can be customized to gather credentials from banks in specific geographic areas and can be distributed in many different ways, including email attachments and malicious Web links. Once infected, a PC can be recruited to become part of a botnet.
Because a Trojan built with a Zeus toolkit is so adaptable, variations of Zeus Trojans are often missed by anti-virus software applications. According to a report by security vendor Trusteer, 77% of the PCs infected with Zeus Trojans have up-to-date anti-virus software.
SecureWorks has issued a report on the Zeus Banking Trojan.