“Zeus” Users Arrested in England

For a few years now, less-than-savvy cyber-criminals have had a friend in Zeus, malware designed to infiltrate computers and steal sensitive data, send out spam, or facilitate a distributed denial-of-service attack. Now, according recent stories appearing in PC World, the Inquirer, and other publications, two 20-year-olds in Manchester are facing charges for allegedly using Zeus to steal bank account login information, which they are believed to have sent to remote servers.

That, authorities say, is a violation of England’s 1990 Computer Misuse Act and the 2006 Fraud Act. Police quoted in PC World said the suspects harvested “millions of lines of data” from affected machines.

Also known as “Zbot” the trojan (or rather, the family of trojans) first appeared in 2007 and has made periodic sweeps of the Web since, “stealing personal information and feeding it back to cyber-criminals,” according to the Inquirer. Writing in an August 25, 2009 blog posting, Symantec’s Peter Coogan called it the “king of the underground crimeware toolkits”—in 2008 alone, Symantec detected more than 154,000 infected computers, Coogan writes, suggesting the true number of affected machines is likely much higher.

The Trojan makes computers part of a criminal botnet—a network of linked computers under an outsider’s control, Graham Cluley, of security vendor Sophos, tells The Guardian. “The problem with catching the authors of malware is that they can inject their programs onto the net almost anywhere,” writes reporter Charles Arthur. “It takes enormous patience to unpick the workings of the programs, find out who really owns the web locations that they send their data to, and capture the people who are stealing the data—which may have been sold on to other, organised criminals.”