Zeus retains botnet crown, according to McAfee

Zeus malware continues to be a scourge on users, with researchers reporting it remains the most popular botnet family on the web, years after it first emerged.

McAfee reported that the financially-oriented malware was by far the largest botnet on the web, claiming some 57 percent of botnet infections the company logged thus far in 2013. According to McAfee, Zeus and its variants account for some 57.9 percent of all botnet infections. No other botnet on the list logged more than a nine percent share.

Following its first major outbreaks in 2009, the Zeus malware has long been a thorn in the side of the cybersecurity community.

Renowned for its ability to operate without alerting users, Zeus infections reside locally on the victim's PC and inject code directly into browser before a page is displayed. This allows Zeus variants to add data input fields or redirect transmissions from an otherwise legitimate website.

According to McAfee researcher Neeraj Thakar, the polymorphic nature of Zeus, which allows the malware to constantly change its own code, makes detecting the malware's signature all but impossible in the wild.

"Bot masters have become so advanced and organised that they can churn out thousands of undetectable and unique malware binaries each day," Thakar wrote.

"That coupled with the ability to rapidly change the control-server hosting infrastructure allows them to stay active longer without being taken down."

The spread of Zeus continues despite efforts by security vendors to remove the various botnets built on the platform. Microsoft recently sued two men in the UK over their involvement in Zeus botnets.

Still, McAfee estimates that as many as 37 percent of the 8.5 million malware payloads it has analysed this year are linked to known botnets, largely variants on Zeus.

• Tweet  
• Facebook  
•  
•  
• Save this article  
• Send to  

• Topics
• Security
• malware
• Botnets
• Zeus