Microsoft added detection and removal capabilities for the ZeuS financial malware (also known as Zbot and WSNPoem) to its Malicious Software Removal Tool (MSRT) on 12th of October, http://blogs.technet.com/b/mmpc/archive/2010/10/12/msrt-on-zbot-the-botn..... It is meant to help prevent the infection and spread of the most prevalent forms of malware. With MSRT out in the field, Trusteer’s research organization decided to evaluate its effectiveness in detecting and removing ZeuS. Trusteer tested MSRT against hundreds of Zeus files, and found that MSRT detects Zeus 2.0 about half (46%) the time, but is unable to detect the new 2.1 version of this financial Trojan. The good news is that MSRT has/will be able to kill approximately half of the Zeus population. This detection rate is very respectable since most antivirus solutions, if not all, have a much lower detection rate. However, this low detection rate also emphasizes how hard it is to remove Zeus.
- Neil Stinchcombe
- InfoSecurity
- Posted On