Microsoft Toolkit Removes Zeus Trojan from 275k PCs

Dennis Faas's picture

After weeks of wreaking financial havoc on web users around the world, the dreaded Zeus Trojan is finally showing signs of weakness. Microsoft this week announced that their free malware cleaning tool has targeted the virus, going so far as to report the removal of Zeus from 275,000 Windows computers in less than 7 days.

Zeus, also referred to as Zbot, is a devious collection of software (a "crimeware kit") that allows hackers to create customized malware that can be used to infect PCs. Zeus is most commonly programmed to target usernames, passwords and other information needed to get at online bank accounts.

Zeus Trojan Infects Charles Schwab Investment Firm

Zeus, which first appeared back in 2007, garnered worldwide attention last month when authorities in the U.S., the U.K. and Ukraine arrested more than 100 members said to be affiliated members of a Zeus gang.

The group that was taken into custody accounted for more than $200 million in stolen cash from consumers and small businesses within a four-year span. (Source:

Notable brokerage and banking company Charles Schwab Corporation was also a recent target for the Zeus gang, who had injected bogus forms into legitimate sessions at the firm's web site in an effort to harvest data.

Zeus Detection Added to Microsoft's Patch Tuesday

The good news, however, is that Microsoft thought enough of the Zeus situation to add a detection application to its Malicious Software Removal Tool (MSRT), a free malware-removal program that the company updates every month as part of its "Patch Tuesday" security fixes.

Since its availability was made public just over a week ago, MSRT has removed 281,491 cases of Zeus from 274,873 PCs. Not surprisingly, those figures have shot the Zeus Trojan into the top spot on MSRT's hit list. (Source:

Since last Tuesday, Zeus infection accounted for a whopping 20.4 per cent of all machine cleanings.

Zeus Prevention An Issue; New Revisions Undetectable

Even with positive outlook, there are some caveats.

First and foremost is that Microsoft's free Malicious Software Removal Tool does not prevent the actual Zeus attack code from getting installed onto a Windows machine. Instead, its "saving powers" are limited to the detection and removal of Zeus from machines already infected with the virus -- and only ones that are recognized by the removal software.

And finally, since the Zeus Trojan continues to be revised by its creators, antivirus and antimalware programs are unable to detect the new signatures, which means that some infections may go unnoticed.

Rate this article: 
No votes yet