Symantec is reporting that the mighty Zeus bot network is getting more capability and powerful new features. Read a summary of their thoughts here.
Among the new features seems to be a focus on Windows 7 and Vista systems as opposed to XP. New mechanisms for random file and folder names in an attempt to evade basic detection tools looking for static names and paths are also observed.
Even worse for web users, the manipulation and information gathering techniques of the trojan have been refined and now extend more capability to tamper with data flows when the user is using the FireFox browser in addition to Internet Explorer.
Organizations should note that this trojan has a strong history of credential theft from social networks and other popular sites on the public Internet. Users who use the same credentials on these sites with infected machines can expose their work credentials to attackers. Security teams should step up their efforts to make users more aware of how to secure their home and portable systems, what is expected from them in terms of using unique authentication and other relevant security training.
It’s quite unlikely that the threat of Zeus and other malware like it is going to go away soon. Technical controls are lagging well behind in terms of prevention and detection for these threats. That means that education and helping users practice safer computing is likely to be one of the most powerful options we have to combat these threats.