
Feds hit Zeus group, but the brains remain overseas

Robert McMillan | Oct. 1, 2010
Will authorities make arrests in Russia, where Zeus was created?

Western Beaver ended up suing its bank, but many ACH fraud cases are quietly settled out of court, keeping the phenomenon out of the public eye.

Thursday's charges -- brought by both the U.S. Department of Justice and the Manhattan District Attorney's Office -- deal a grave blow to the money mule system that the Zeus criminals had set up to move cash out of the U.S., but they don't touch the people who developed the code, run the back-end servers, and generally set up the scam in the first place.

The U.S. Federal Bureau of Investigation acknowledged Thursday that there is still more work to go. "It remains an ongoing investigation," said FBI spokesman Paul Bresson.

Zeus's main software developer, who once went by the name A-Z, is thought to live in St Petersburg, according to Don Jackson, a researcher with SecureWorks, one of the companies that has been tracking Zeus for years.

To complicate matters, Zeus is not run by a single gang. There are perhaps five to 10 Zeus gangs that operate at the highest level, Jackson said. These are the crooks who get access to the best code, who have the most up-to-date attacks, and who make the most money.

However, the Zeus code is also freely sold on the black market, and many others make their own use of the malware.

That means that Zeus is not going away any time soon. And unless authorities in the Eastern European countries that are Zeus' home also make arrests, it could easily re-emerge as a problem in the U.S.

"I don't even think that we're going to see Zeus necessarily stop," said Zeus expert Gary Warner, the director of research in computer forensics with the University of Alabama at Birmingham. "This particular family of Zeus has probably seen the end of its days, but something will step into the void."

 
