>>> “Perez, Bill” <bill.perez @ dir.state.tx.us> 9/21/2009 8:48 AM >>>
The growing trend over the past 2 years involving sophisticated viruses
that can morph and evade Anti Virus (A/V) solutions has led DIR to
recommend re-imaging for all infected systems.
It is important that images be kept updated, and virus-free.
————————————————————————
Zbot evades most anti-virus programs
Angela Moscaritolo
<http://www.scmagazineus.com/Angela-Moscaritolo/author/271/>, SC
Magazine
September 16 2009
The banking trojan Zbot <http://www.scmagazineus.com/search/zbot/>,
which is one of today’s most prevalent financially motivated trojans, is
not detected or removed by most anti-virus programs because of its
ability to morph, according to a report
<http://www.trusteer.com/files/Zeus_and_Antivirus.pdf> issued Wednesday
by internet security firm Trusteer.
An analysis of 10,000 Zbot-infected computers, conducted this month,
revealed that a majority were running an up-to-date AV program, Mickey
Boodaei, CEO and founder of Trusteer, told SCMagazineUS.com on
Wednesday. Fifty-five percent of Zbot-infected computers analyzed were
running up-to-date AV programs, 31 percent had no AV and 14 percent had
AV that was current, researchers at Trusteer found.
Even so, the company concluded that having an up-to-date AV product will
only protect against Zbot 23 percent of the time. AV providers likely
are having a tough time protecting users because the trojan has
sophisticated morphing and rootkit mechanisms that allow it to penetrate
deep into operating systems. Also, it protects itself from detection and
removal, Boodaei said.
Zbot, also commonly known as Zeus, has been circulating since at least
2006 and was most recently propagated through spam messages
<http://www.scmagazineus.com/Fake-Microsoft-critical-update-spam-propagating-trojan/article/138823/>
claiming to be a critical update for
Microsoft Outlook. The information-stealing trojan aims to capture
infected users’ banking login credentials and send them back to the
malware writers.
No single AV engine was any better than another at protecting users from
the trojan, Boodaei said.
“All the AV vendors have difficulties in detecting and removing Zeus,”
he said. “It’s not limited to specific vendors.”
Sources:
http://www.scmagazineus.com/Zbot-evades-most-anti-virus-programs/article/149057/?DCMP=EMC-SCUS_Newswire
http://www.theregister.co.uk/2009/09/18/zeus_evades_detection/