Zeus infections still being seen by Aussie ISPs

By on
Zeus infections still being seen by Aussie ISPs

Variants of the Zeus banking trojan account for the majority of malware infections in Australia, despite concerted attempts to disable the threat, according to the Australian Communications and Media Authority (ACMA).

The ACMA said Zeus, a family of trojans that steals banking information through keylogging, is the most commonly detected threat on Australian IP addresses.

The authority runs the Australian Internet Security Initiative (AISI), which provides daily malware reports to 130 ISPs and network operators including the likes of AAPT, iiNet, AOL, Exetel, Optus, Vodafone and Telstra.

The Initiative generates about 16,500 daily reports of malware-infected IP addresses, which it sends to the ISPs to remediate.

The ISPs are expected to notify affected customers with advice on prevention and how to remove the infection. 

Each report is not necessarily a unique infection. The ACMA notes that internet users with dynamic IP addresses may cause multiple unique IP addresses to be caught over a 24-hour period.

In addition, there are gaps in the source data that do not correlate to a reduction in the threat at any particular point in time, but simply to problems capturing the threat data.

The AISI data is publicly available on a new ACMA webpage, and includes the top 20 types of infections reported and covers a rolling 90 day period. 

ACMA's manager of eSecurity Bruce Matthews said the AISI typically provides the malware reports to smaller ISPs, but also works with larger network operators, some of which correlate the data reported by the AISI with their own.

Last March, a Microsoft-led effort to disable Zeus saw US Marshals raid and confiscate three command-and-control (C&C) servers and take down two key IP addresses in an attempt to dismantle hubs feeding instructions to computers infected with the trojan. Microsoft took control of 800 domains involved with the servers as a result.

The company later filed a civil suit against 39 people it alleged were involved in the operation of the botnet, naming two (already in jail on Zeus-related convictions), but was unable to identify the others. 

The global scheme used Zeus to steal $70 million from US bank accounts, according to the FBI. 

The source code to Zeus was leaked in 2011 after the Russian programmer who wrote Zeus announced his retirement. The programmer was rumoured to have handed the code to the owner of similarly-prevalent banking botnet SpyEye, and the two have been reported to be working together since that time. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
collaboration ip isp malware networking security trojan zeus

Partner Content

Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?