Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

The 10 best online bank security tools

How to protect yourself against the Zeus Trojan

Article comments

Statistics can hide dangerous currents, especially when it comes to the often invisible crime of online bank fraud. The latest figures from the UK Cards Association for January to June 2010 noted a healthy fall in reported online banking fraud to £24.9 million ($40 million), which on the face of it looks like good news.

Perhaps the success of the Zeus Trojan (aka Zbot, Wsnpoem and Kneber), which attacks online bank account holders via PCs, has been over-played then.

Against that there is growing evidence that the online fraud figures could go up in the next report or the one after that. Although unconfirmed, police sources have suggested that the gang behind a recent wave of Zeus attacks on banks could have netted £20 million alone, which makes the £24.9 million figure start to look rather puny. An earlier bust found evidence of around £3 million in scammed bank accounts and credit cards.  

The problem is that the official figures are inevitably a look back at the past. It takes banks months or even years to consolidate losses into an overall figure let alone report them to the Cards Association. The experts, meanwhile, tend to think that attacks will continue for some time.

Apart from conventional barriers such as antivirus, is there any way for a company or consumer to minimise the chances of being hit by Zeus?


The best defence against the latest versions v2 and v3 versions of Zeus – or any bank Trojan of the future – is to pile up layers of protection, starting by making sure the PC is not infected to start with.

A simple if unreliable way is to look for telltale signs of Zeus infection, searching for common files and folders that give away its otherwise silent presence. This is of limited use to non-experts because the file names and registry entries vary so much over time, but it is a start. Zeus might be silent and hard to get rid of but it isn't invisible.

Many antivirus companies have been remarkably low-key about Zeus, perhaps because they are aware of that new variants of the malware seem to be able to evade their antivirus products with alarming ease. The few online scanning utilities worth trying tend to be associated with companies that have used Zeus to push their claimed superior detection of this threat.

Try Bitdefender’s online virus scanner as a starting point. This is pretty basic, runs from the browser as a plug-in (and therefore needs a browser restart), and takes about 60 seconds. Stays resident in browser sessions unless uninstalled.

Then there is Microsoft's own Malicious Software Removal Tool, which now detects Zeus we are told.

Although it doesn’t mention Zeus specifically, another one to try is the Sophos anti-rootkit tool, which should be capable of detecting Zeus’s rootkit-like activity.

Another one worth trying is Trend Micro Housecall scanner or TrustDefender v2 Gold Edition, which isn’t free at £14 ($20 approx) but it does claim to offer online bank protection.

At least one ISP, Virgin, is trying to identify which of if its customers have been infected with Zeus and similar malware using BitDefender’s software.

Note: scanning programs don’t remove the infection, merely detect it. Always use more than one scanner.

Defending the browser

Zeus attacks browsers using the ‘man-in-the-browser’ method and there is an argument that the only way of protecting against it is to site protection within that environment.

Browsers are gradually acquiring more layers of defence such as Google Chrome’s sandbox, but a number of products have recently sprung up to perform much the same function for online banking sessions specifically.

The best-known perhaps is Trusteer’s Rapport browser plug-in (which is free), but which is also being rolled out by some banks to customers. Rapport is slightly different from the more old-fashioned scanners already mentioned in that it is designed specifically to protect online bank sessions from keylogging through hooks into IE and Firefox.

Another bank protection browser plug-in is SafeCentral’s WebProtection, which routes banking sessions through secure DNS in the style of Rapport.

UK security company Prevx offers a browser-protection plug-in called Prevx SafeOnline, which is more of a general security product for that class of software. It should detect Zeus but unlike Rapport costs £25 per license.

Replace the browser

An area of growing popularity is to ditch the mainstream browser altogether for a dedicated, in some cases virtualised version.

The Dell Kace Secure Browser is based on running a sandboxed version of Firefox, which isolates it from the underlying OS and limits the sites designed to be used.

Another version of the same principle comes with IronKey’s S200 USB drive, which includes a similarly virtualised version of Firefox run from the drive itself.

Simpler tools that supplement rather than replace the browser include Trend Micro’s Browser Guard, which blocks malicious attacks based on elements such as Javascript.

Pick the right bank

A final but often ignored defence is the bank itself. However successfully Zeus gets on to the PC, it still has to transmit the stolen login data back to the criminals under the auspices of the botnet’s command and control system. Then the bogus transactions have to move the money from the target account to a mule account without alerting the fraud-detection systems of the bank.

Many online banks encrypt the browser-to-bank session, but this assumes that the browser itself is secure. With Zeus, it isn’t. However, a small number of banks (i.e Nationwide Building Society in the UK) have also implemented transaction security which asks the user to enter a passcode generated as a one-off for certain kinds of transfer, including those to third parties. This code requires a reader specific to that bank, and the ability to enter information the thieves will not have in order to create the code.

The weakness of the system is that it is only partial. Not all banks use transaction security, and even those who do only do so for some transactions. The day could arrive when it is mandatory.


One final and intriguing possibility is to abandon Windows in favour of Linux, at least as far as online banking is concerned. To say it is less attacked would be an understatement.

Ubuntu 10.10 is easy to install, free to use, and comes in desktop and netbook versions. It's fast, secure and runs on almost anything. Perhaps that old laptop has a use after all.


More from Techworld

More relevant IT news


Linux is not cool said: I took you serious until you plugged linux

litework said: Its a fair point Jenska but your point is itself why I think we are a long way from criminals focussing on Linux They will always go with the risk reward effort triangle Why invest time and resource targetting OSs with tiny market share I use a Mac and I would suspect that MacOSX would be next on the financial malware coders hitlist - but Windows will dominate in terms of malware availability for some time to come

buynsell said: Do your banking off a safe live CD not your hard drive Since Windows doesnt have a live CD that would mean Linux BSD Solaris whatever

Jenska said: The thieves will go where the money is Moving to Linux will just create a new class of criminals with better unix skills Worse they could start distributing malware versions of Linux itself

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *