Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.”
The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned.
“The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.”
A variant of Zeus, Gameover, was the subject of a major, international law enforcement crackdown last week. The Gameover botnet is believed to have enlisted as many as one million infected computers worldwide to steal millions of dollars from businesses and consumers. Gameover used a sophisticated Peer-to-Peer command infrastructure to sidestep attempts to shut it down. In the takedown, U.S. and foreign law enforcement officials were able to seize computer servers that acted as “command and control” nodes for the botnet as well as the Cryptolocker malware.
The warning from Prolexic suggests that Zeus, which was turned into an open source software project in 2011, will continue to be a headache for organizations and individuals, despite the recent crackdown.