BIoT Canada

Beware of Zeus, warns IT360 keynote speaker

Security expert outlines the threat it and other computer viruses pose to organizations of all sizes.

May 1, 2010  


The computer virus Zeus Bot represents a strong reason why large organizations should not allow employees to log on to a corporate network from their personal machine, says Gary Warner, Director of Research in Computer Forensics at the University of Alabama.

Warner, the keynote speaker at the IT360° Conference and Expo held in April in Toronto, specializes in security, phishing and network intrusion and has assisted both the U.S. Department of Homeland Security and the FBI.

In an alert issued last year, Warner said that fake Internet postcards in circulation through e-mail inboxes worldwide are carrying links to the virus.

“Once the virus is on a computer it becomes a part of the Zeus Botnet and is able to steal Web site data from victims,” he said. “The malware uses a graphical user interface to keep track of infected machines throughout the world and is equipped with tools that allow the criminals to prioritize the banks and related stolen accounts they want to strike.”

In February, NetWitness, a Herndon, Va. security firm, announced that it had discovered a dangerous new Zeus botnet that infected 75,000 systems in 2,500 organizations.

The virus, the firm said in a release, gathers login credentials to online financial systems, social networking sites and e-mail systems. That information is then sent to “miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities.”

In front of a standing-room-only crowd in the Metro Toronto Convention Centre, Warner recalled how he first came across the virus.

“A bank called me and said ‘we don’t know what on Earth is going on. We have a user who lost a great deal of money. We asked him to let us take control of his machine and when we go to our Web server, we are seeing extra questions on a form. We’re watching him log in. Yet, three questions appear that we don’t have.’

“It really freaked them out. I told them to go out and buy the customer a new computer and send the old computer to me.”

During the presentation, Warner spoke at length about Koobface, the social engineering malware that he said acts as command and control for Zeus. He outlined seven Canadian Web sites currently distributing Koobface, likely the result of an infected machine owned by the Web Master of each site.

These included Stevens Large Tree Sales based in Stouffville, Ont. and Brussels Livestock, a division of Gamble & Rogers Ltd.

He warned that in order to reduce the malware problem, both technical and non-technical staff in an organization need to be aware of the risk.

“There are currently thousands of Web sites that have Koobface on it,” said Warner. “If you hit one of them, that’s it — your computer is now owned by Chinese, Ukrainian or Korean hackers.”

Other speakers at IT 360° included Mike Sullivan, chief technology officer with Alliance Technologies, who, following his presentation on virtualization, talked about changing structured cabling needs.

“While the overall network cabling drops because you are going from hundred servers to 10, the per server cabling actually goes up because they need a great big fat pipe to keep them happy. GigE is not enough,” he said.

“Right now, two 10 GigE pipes would probably keep a server happy. The reason I say two is that in case one dies. It gives you redundancy. We are thinking of rolling out some seminars later in the year on 10 GigE.”