Governments take on Zeus, the god of cyber crime

Criminal groups have stolen millions of dollars using the banking Trojan, and prosecutors are finally catching up

In the movie "Clash of the Titans," mankind rebels against the gods, especially the leader of the Greek pantheon, Zeus.

The plot is playing itself out in the modern day as well. On Thursday, the U.S. Department of Justice planned to announce a massive crackdown on an alleged group of criminals that stole millions of dollars from U.S. banks using the Zeus trojan. The announcement, coming out of the U.S. Attorney's Office for the Southern District of New York, follows a crackdown earlier this week that netted nearly a score of suspects in the United Kingdom.

[ The Web browser is your portal to the world -- as well as the conduit that lets in many security threats. InfoWorld's expert contributors show you how to secure your Web browsers in this "Web Browser Security Deep Dive" PDF guide. ]

"We believe we have disrupted a highly organized criminal network, which has used sophisticated methods to siphon large amounts of cash from many innocent peoples' accounts," Detective Chief Inspector Terry Wilson of London's Metropolitan Police Services said of this week's raids in the United Kingdom, according to IDG News Service.

The U.S. Attorney's Office confirmed the law enforcement action in the United States but would not give additional details until a press conference scheduled for 1 p.m. ET.

Over the last year, Zeus has come to dominate the criminal ecosystem for banking trojans. The malicious software, which is sold for hundreds of dollars by its developers, has been spreading since 2006, but jumped in popularity a year ago, according to Microsoft data. One reason for its popularity: Other developers can create and sell plug-ins for the software, adding features like the ability to exploit newer vulnerabilities and manage spam campaigns targeting a specific industry.

Using the Zeus platform, for example, the 19 people arrested by U.K. law enforcement were allegedly able to drain victim's bank accounts of more than $9 million.

While botnets, just like gods, are hard to kill, authorities and security professionals have made some leeway against Zeus. There are still 164 known Zeus command-and-control servers currently active, but that's down from a peak of 259 on August 22, according to ZeusTracker, a site dedicated to monitoring the spread of this particular trojan.

The recent decline in Zeus infections -- albeit, known Zeus infections -- suggests that the actions of the U.K. and U.S. governments are part of a coordinated action against Zeus.

Time will tell if such a widespread crackdown is enough to throw down this particular botnet.

This article, "Governments take on Zeus, the god of cyber crime," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.


Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform