12, 2010, Microsoft added detection and removal capabilities for the Zeus financial malware (also known as Zbot and Wsnpoem) to its Malicious Software Removal Tool (MSRT). MSRT, which was first introduced in 2005, is updated monthly and released on the second Tuesday of each month to scan users’ computers. It is meant to help prevent the infection and spread of the most prevalent forms of malware.

Joining the Fight Against Malicious Software

Microsoft’s decision to join the fight against financial malware is an important step. Winning the war against criminals requires the participation and cooperation of more software vendors and increased involvement by law enforcement agencies. I hope Microsoft’s efforts won’t stop here since there is still a lot more to be done.

With MSRT out in the field, our research organization decided to evaluate its effectiveness in detecting and removing Zeus. They tested MSRT against hundreds of Zeus files and found that MSRT detects Zeus 2.0 46 percent of the time, but it was unable to detect the new 2.1 version of this financial Trojan.

The good news is that MSRT has been able to kill approximately half of the Zeus population and will continue to do so. Most, if not all, antivirus solutions have a much lower detection rate; however, this low detection rate also emphasizes how hard it is to remove Zeus.

Zeus also has a significant advantage over MSRT when it comes to committing fraud. Since MSRT does not operate in real time and only disinfects a machine when it is running, hackers have a golden window of opportunity between the time of a Zeus infection and the next scan by MSRT to siphon off money from the victim’s bank account. Thousands of new computers are infected with Zeus every day and are instantly analyzed by fraudsters. Our research team has found that financial fraud usually occurs shortly after a computer is infected with Zeus because sensitive information is immediately transmitted back to the criminals. In the majority of cases, the ability of MSRT to prevent Zeus-related fraud and data loss will be minimal because the damage has already been done by the time it performs its scan.

I believe that MSRT will actually serve to further shorten the time between a machine becoming infected and the time it is used to commit fraud. I also expect this will reduce the effectiveness of antivirus solutions because they typically cannot detect a new variant until a few days after it is released.

I also wouldn’t be surprised if some financial malware starts targeting MSRT to render it useless. Based on previous activity I have witnessed by financial malware developers, this is very likely. Zeus and other financial malware can accomplish this fairly easily since they have a distinct technical advantage over MSRT: They are already running when MSRT starts scanning. This allows the Trojan to block MSRT from running altogether. Disabling MSRT will inflict even further damage since it is effective at detecting and removing many other forms of malware.