90 Percent Of Fortune 500 Infected By Zeus Botnet: Report
The RSA CyberCrime Intelligence Service, powered by the Anti-Fraud Command Center, found that 88 percent of Fortune 500 companies -- 441 total -- had their systems accessed by the banking Zeus botnet, while 60 percent of the firms -- totaling 299 -- experienced stolen e-mail account information as a result of their infection.
The Zeus Trojan generally accesses a user's computer with a malicious download, usually delivered through some form of social engineering scheme. Once on a victim's computer, the Zeus malware can then capture a wide array of sensitive data and credentials, including legal documents, health-care records and intellectual property, in addition to financial information such as banking and credit card numbers. The stolen data is then sent to a bot command and control server, which stores the information.
According to a SecureWorks Threat Analysis report, Zeus is likely the primary tool most utilized by criminals in banking crimes, and is sold in the criminal underground as a kit that runs anywhere from $3,000 to $4,000.
Among other things, the notorious botnet can steal data submitted in HTTP, capture account credentials stored in Windows Protected Storage, steal FTP and POP account credentials, lift and delete HTTP and Flash cookies, redirect victims from visited Websites to ones controlled by the attacker, take screenshots and scrape HTML from target sites, search for and uploads files from the infected computer, download and execute malicious programs, and delete registry keys.
Security experts say that cyber criminals are increasingly relying on information-stealing Trojans such as Zeus to access corporate information other than credit card numbers and personal identities.
"We are seeing a celestial alignment within the world of online fraud which means that a much broader segment of corporate Internet users are being targeted by criminals who are looking to steal more than just credit card numbers and consumer identities," said Uri Rivner, head of new cybercrime technology for RSA, in a statement.
Rivner said that sophisticated Trojans such as Zeus are detected less than 45 percent of the time.
RSA announced its new CyberCrime Intelligence Service Thursday, which is powered by the RSA Anti-Fraud Command Center, and can be used by security professionals to illuminate security holes in IT infrastructure. Cybercrime Intelligence Service is an outsourced real-time managed security service, designed to enable visibility into a company's IT security environment, and provide information on data loss, malware and insider threats. The service is slated to be available to customers May 1.