Timeline: Three years of Zeus terror


Zeus, aptly named after the King of the Gods in Greek mythology, is one of the most prevalent forms of malware found on the web.

This year in particular has seen various Trojan machinations causing chaos for companies across the globe, namely financial institutions.

So where did it all start and who has been hit by Zeus during its three-year reign of pain?

July 2007: The Zeus Trojan is widely believed to have been first spotted in July 2007, in an attack on the US Department of Transportation.

May 2008: Zeus abuse really ramped up in 2008. RSA Security found it was actually becoming easier for hackers to get hold of the malware, after Trojan infection kits had been made available to rent or purchase.

May 2009: A Zeus botnet managed to take out operating systems on 100,000 computers, in what was being called a "nuclear" attack. Swiss IT expert Roman Hussy reported on a Zeus command and control server sending out Kill Operating System commands designed to prevent an OS from loading.

November 2009: Finally some success was seen in taking down the hackers. The Metropolitan Police's Central e-Crime Unit made the first arrests in Europe around the use of Zeus, taking down a man and woman, both 20 years old at the time.

April 2010: An RSA Security study showed that nine in ten Fortune 500 companies in the US had been potentially hit by Zeus-based attacks. By this point, Zeus was known to have compromised computers in 196 countries.

A Zeus 1.4 Trojan was identified in April as well, supporting two techniques: one being HTML injection, the other something called transaction tampering. These allowed the malware to get round even tough authentication and transaction signing solutions.

It was also the first time Zeus had been seen exploiting the Firefox browser, something it had been unable to do previously.

July 2010: At the start of the month two new Zeus botnets aimed at UK consumers were uncovered by Trusteer. They were only found on UK machines and were targeting UK-based banks solely. It was part of a worrying trend of Zeus-based attacks targeting the nation.

Trusteer was on the case later in July, revealing how a Zeus Trojan had been used in an attack that produced replicas of the Verified by Visa and MasterCard SecureCode protection features in order to dupe US customers.

August 2010: August saw new versions of the infamous malware hitting the UK hard.

Firstly, Zeus was being used as part of the Mumba botnet, which had infected 55,000 computers and illicitly obtained more than 60GB of personal data.

Then Trusteer uncovered a Zeus v2 botnet, controlling more than 100,000 computers. Almost all of these systems were based in the UK and stolen data included online banking details and social network logins.

Later in the month hackers were revealed to be using Zeus v3 to steal 675,000 from a single UK bank. M86 Security discovered this version of Zeus was able to initiate transfers from within user accounts, handing funds directly to the cyber criminals.

Tom Brewster
