Two years late, Microsoft finally zaps Zeus

This month's version of the Microsoft's Malicious Software Removal Tool finally looks for Zeus, evil spawn of the world's leading bot builder

The Zeus Trojan and the resiliency of the Zeus botnet have made big headlines recently. Zeus is a supremely effective infector. Zeus-created botnets, known as Zbots, control many millions of computers -- mostly Windows XP machines --- in almost 200 countries. Recent outbreaks spread through millions of Facebook phishing messages and official-looking email notices purporting to come from Verizon.

Now comes word from the Microsoft Malware Protection Center blog that the latest round of Microsoft's ubiquitous Malicious Software Removal Tool -- the version released on Black Tuesday this week -- finally takes on Zeus. "This month, the MSRT team has added detection and removal for Zbot, one of the most widely known active botnets today," according to the blog.

[ InfoWorld's Robert McMillan warns about Zeus stealing corporate secrets | Learn how to secure your systems with InfoWorld's Malware Deep Dive PDF special report and Security Central newsletter, both from InfoWorld. ]

Golly. What in the blue blazes took Microsoft so long?

Yes, by its very nature, Zeus morphs: Sold as a kit for about $4,000 and frequently used by criminal entreprenuers who know little more than how to click through a handful of setup dialogs, Zeus allows almost anyone to create their own Zeus variant, complete with a copy protection scheme and unique server keys to cut down on pirate copies. A Web admin panel that lets you run your very own botnet costs an additional $700.

The toolkit makes it easy to mash and mangle the pieces, making identification difficult. Apparently, anybody with $4,700 or so and a good command of search engines can buy a copy, and each copy leads to different variants. And yes, Zeus does run as a rootkit, so its vestiges can be hard to find, especially on XP machines.

But that doesn't let Microsoft off the hook.

Zeus has been widely available since early 2009, fer cryin' out loud. Symantec called Zeus "King of the Underground Cimeware Toolkits" more than a year ago. Microsoft's been standing on the sidelines watching for nearly two years. No interim attempts at detection. No stand-alone scanners. No partial solutions. Nothing.

Sure, it'll be great if MSRT now catches 80 or 90 percent of all the infected PCs out there. But why didn't we get an MSRT that caught 20 percent of the infections two years ago?

This article, "Two years late, Microsoft finally zaps Zeus," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform