Fact Check

ZeuS Virus

Warning about the Zeus computer virus.

Published Jun 4, 2013

Virus: Zeus (aka ZBOT)

Examples: [Collected via e-mail, November 2011]

Is there a virus lingering on Facebook that can empty your bank account?

The virus is called Zeus. It's a special type of Trojan horse that has already infected millions of computers. Zeus works by remaining dormant on your computer until you log into your bank account. Once you're in it steals your password and drains your account.


Origins: In May 2013, Trend Micro reported that a version of the six-year-old ZeuS/ZBOT Trojan horse, which steals personal information, had become more prevalent in recent months:

The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In our 2013 Security Predictions, we predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved this thesis, as seen in threats like CARBERP and Andromeda botnet.

We can now include the data-stealing malware ZeuS/ZBOT to this roster of old-but-new threats, which we’ve noted to have increased these past months based from Trend Micro Smart Protection Network feedback.

According to Symantec, Zeus is typically spread through phishing schemes which utilize e-mail and links in fake Facebook profiles (often in the form of messages that tell friends to check out videos or products):

The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft. The message body warns the user of a problem with their financial information, online account, or software and suggests they visit a link provided in the email. The computer is compromised if the user visits the link, if it is not protected.

As noted in the New York Times, one of the primary aims of Zeus malware is to steal customer passwords and personal information associated with banking web sites:

Zeus is a particularly nasty Trojan horse that has infected millions of computers, most of them in the United States. Once Zeus has compromised a computer, it stays dormant until a victim logs into a bank site, and then it steals the victim’s passwords and drains the victim’s accounts. In some cases, it can even replace a bank’s Web site with its own page, in order to get even more information — such as a Social Security number — that can be sold on the black market.

Zeus targets Windows-based machines and does not work on Mac OS X or Linux systems.

Last updated: 4 June 2013

David Mikkelson founded the site now known as snopes.com back in 1994.