Report: Zeus Trojan bypasses anti-virus software 77% of the time

Trusteer reported that the Zeus online banking Trojan infects machines that are running up-to-date anti-virus programs up to 77 percent of the time. These findings are based on a sample of more than 10,000 users of the Rapport browser security service, whose machines were infected with the Zeus Trojan.

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects consumer PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.

The report released today by Trusteer found that the majority of Zeus infections occur on machines which have an installed and up-to-date anti-virus product. Specifically, Trusteer found that among Zeus infected machines:

• 31% had no anti-virus protection installed
• 14% had anti-virus protection installed, but signature files were not up to date
• 55% had up-to-date anti-virus protection installed.

The full report is available here.