Sunday, February 3, 2008

Zeus Trojan: The father of them all

The newly discovered Zeus Trojan is a blackmailer, robber and spy, all in one. Zeus has become widespread only recently, and investigations by antivirus specialists at Kaspersky Labs have brought it to public attention. It was detected as “gpcode.ai”, a Trojan that encodes files on affected computers and releases them again only after a ransom is paid. Some details struck the experts, who discovered more to this Trojan than first met the eye: gpcode.ai marks its presence with the string “_SYSTEM_64AD0625_” in RAM. This string is suspected to be present in many of the latest malware programs. The Trojan installs itself on the system as ntos.exe, downloads the files zeus.exe and zupa.exe, and connects to the existing network of infected “bots”. Zeus.exe is an aggressive snooper. Zupa.exe communicates with the botnet center and receives instructions. According to Kaspersky, one of the Zeus networks that was shut down comprised more than 100,000 zombie PCs before it was detected.
