Zeus Trojan returns to victimize Japanese banks

The Trojan that began stealing banking information in 2007 resurfaces in Japan.

Zeus was recently spotted during multiple assaults targeting consumers in Japan, said Japan’s National Police Agency. The most recent version of Zeus hit five large Japanese banks with attacks resembling the previous versions, said security firm Symantec.

The latest iteration of Zeus apparently works the same way as its older versions but differs in that it only attacks Japanese consumers. Symantec said that as soon as Zeus contaminates a PC, it tracks the movements of victims visiting the bank’s websites.

Whenever a victim accesses the bank’s website, Zeus inserts an HTML code inside it. This code creates a message that says the bank is enhancing its customer service and is therefore asking the user to resubmit the information entered during the first log-in.

This information includes the user’s password. A Zeus incorporated keystroke logging component records the information the victim supplies.

Zeus only targets Microsoft Windows machines. It does not work on Mac OS or Linux.

Zeus is very difficult to detect even with up-to-date antivirus software. This is the primary reason why its malware family is considered the largest botnet on the Internet:

Some 3.6 million PCs are said to be infected in the U.S. alone. Security experts are advising that businesses continue to offer training to users to prevent them from clicking hostile or suspicious links in emails or on the web while also keeping up with antivirus updates.