Zeus Reigns as Supreme Botnet

After all these years, Zeus malware remains the most popular botnet family on the web.

The financially-oriented malware was by far the largest botnet on the web, claiming 57 percent of botnet infections logged thus far in 2013, said researchers at McAfee. In addition, its variants account for 57.9 percent of all botnet infections, the researchers said. No other botnet on the list logged more than a nine percent share.

RELATED STORIES
Grum Botnet Coming Back Slowly
Cookie Attack can Hijack Accounts
Huge Botnet Steals from Advertisers
Ramnit Malware Back, Better

Following its first major outbreaks in 2009, the Zeus malware has long been a thorn in the side of the cybersecurity community.

Known for its ability to operate without tipping off users, Zeus infections reside locally on the victim’s PC and inject code directly into a browser before a page displays. This allows Zeus variants to add data input fields or redirect transmissions from an otherwise legitimate website.

The polymorphic nature of Zeus, which allows the malware to constantly change its own code, makes detecting the malware’s signature all but impossible in the wild, said McAfee researcher Neeraj Thakar.

“Bot masters have become so advanced and organized that they can churn out thousands of undetectable and unique malware binaries each day,” Thakar said.

“That coupled with the ability to rapidly change the control-server hosting infrastructure allows them to stay active longer without being taken down,” he said.

The spread of Zeus continues despite efforts by security vendors to remove the various botnets built on the platform.

Still, McAfee estimates that as many as 37 percent of the 8.5 million malware payloads it analyzed this year link to known botnets, largely variants on Zeus.