Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows.
While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing.
Security experts are advising that businesses continue to offer training to users to teach them not to click on hostile or suspicious links in emails or Web sites, and to keep antivirus protection up to date.
Antivirus software does not claim to reliably prevent infection; for example, Browser Protection says that it can prevent "some infection attempts". They created bank accounts using fake documents and false names.
The virus was distributed in an e-mail, and when targeted individuals at businesses and municipalities opened the e-mail, the trojan software installed itself on the victimized computer, secretly capturing passwords, account numbers, and other data used to log in to online banking accounts. Once the money was in the accounts, the mules would either wire it back to their bosses in Eastern Europe, or withdraw it in cash and smuggle it out of the country. Early reports said that he was the mastermind behind ZeuS.
The hackers then used this information to take over the victims’ bank accounts and make unauthorized transfers of thousands of dollars at a time, often routing the funds to other accounts controlled by a network of money mules, paid a commission. He was accused of operating SpyEye (a bot functionally similar to ZeuS) botnets, and suspected of also operating ZeuS botnets.
He was charged with several counts of wire fraud and computer fraud and abuse.
Court papers allege that from 2009 to 2011 Bendelladj and others "developed, marketed and sold various versions of the SpyEye virus and component parts on the Internet and allowed cybercriminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information".
It was also alleged that Bendelladj advertised SpyEye on Internet forums devoted to cyber- and other crimes and operated Command and Control servers.
The charges in Georgia relate only to SpyEye, as a SpyEye botnet control server was based in Atlanta.
In late 2010, a number of Internet security vendors including McAfee and Internet Identity claimed that the creator of Zeus had said that he was retiring and had given the source code and rights to sell Zeus to his biggest competitor, the creator of the SpyEye trojan.