Zeus botnet shifts from US to Eastern Europe

The US is home to nearly 40 per cent of the web sites being used to control the infamous Zeus botnet, researchers have warned.

Security firm Trusteer said that a recent four-month study of the Zeus botnet showed that 39.8 per cent of the sites being used as command-and-control centres for infected machines had IP addresses in the US.

Russia was second on the list, with a 21.6 per cent share of Zeus-infected machines. Overall, countries in Eastern Europe accounted for 32 per cent of Zeus controllers.

Zeus has long been considered to be one of the top malware threats on the web. Notoriously easy to set up and maintain, the malware can be deployed with little up-front cost.

Zeus is also renowned for its ability to trick users into disclosing personal information. The program can intercept web pages from otherwise legitimate sites and add code to harvest account details.

Trusteer said that, while large countries had the highest rates of infection, it is the statistics in emerging nations that suggest a pattern.

The report noted that when the list is reduced to IP addresses that were accessible in the past 80 days, the stakes claimed by the US and Russia fell while smaller countries such as Bosnia and Herzegovina were found to contain a sizeable percentage of Zeus command-and-control sites.

"More than anything, these detailed statistics show that the global internet is becoming highly diversified, but the increasing use of automated registration and servicing systems on the internet means that human operator monitoring of hosted systems is less frequent in those countries with good internet access," wrote Trusteer chief technical officer Amit Klein.

"As well as driving the cost of hosting downwards, this has the worrying effect of making it all too easy to register and set up a [command-and-control] and/or Zeus-infected web site plus allied systems, and using the platform to infect the general internet user community."