{
	"id": "6c7974c1-d94e-4769-8c0d-f55932510237",
	"created_at": "2026-04-06T00:10:48.127135Z",
	"updated_at": "2026-04-10T03:24:29.293091Z",
	"deleted_at": null,
	"sha1_hash": "2c369cf3f499b317a7e483ebdf7638c730edad3f",
	"title": "Zeus Virus",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50232,
	"plain_text": "Zeus Virus\r\nBy Kaspersky\r\nPublished: 2017-09-28 · Archived: 2026-04-05 15:13:39 UTC\r\nVIRUS DEFINITION\r\nAlso Called: Zbot, Zeus Gameover, Trojan-Spy.Win32.Zbot\r\nVirus Type: Malware | Botnet\r\nWhat is Zeus Virus?\r\nZeus Virus (or Zeus Trojan malware) is a form of malicious software that targets Microsoft Windows and is\r\noften used to steal financial data. First detected in 2007, the Zeus Trojan, which is often called Zbot, has become\r\none of the most successful pieces of botnet software in the world, afflicting millions of machines and spawning a\r\nhost of similar pieces of malware built off of its code. While the threat posed by Zeus dwindled when its creator\r\npurportedly retired in 2010, a number of variants showed up on the scene when the source code became public,\r\nmaking this particular malware relevant and dangerous once again.\r\nWhat Zeus Virus Does to Computers\r\nThe Zeus Virus can do a number of nasty things once it infects a computer, but it really has two major pieces of\r\nfunctionality.\r\nFirst, it creates a botnet, which is a network of corrupted machines that are covertly controlled by a command and\r\ncontrol server under the control of the malware's owner. A botnet allows the owner to collect massive amounts of\r\ninformation or execute large-scale attacks.\r\nZeus also acts as a financial services Trojan designed to steal banking credentials from the machines it infects. It\r\naccomplishes this through website monitoring and keylogging, where the malware recognizes when the user is on\r\na banking website and records the keystrokes used to log in. 
This means that the Trojan can get around the\r\nsecurity in place on these websites, as the keystrokes required for logging in are recorded as the user enters them.\r\nSome forms of this malware also affect mobile devices, attempting to get around two-factor authentication that is\r\ngaining popularity in the financial services world.\r\nOriginally, the Trojan only affected computers running versions of the Microsoft Windows operating system, but\r\nsome newer versions of the malware have been found on Symbian, BlackBerry and Android mobile devices.\r\nThe creator of the malware released the Zeus source code to the public in 2011, opening the doors for the creation\r\nof a number of new, updated versions of the malware. These days, even though the original Zeus malware has\r\nbeen largely neutralized, the Trojan lives on as its components are used (and built upon) in a large number of new\r\nand emerging malware.\r\nHow the Zeus Virus Infects Computers\r\nThe Zeus Virus has two main methods of infection:\r\nSpam messages\r\nDrive-by downloads\r\nThe spam messages often come in the form of email, but there have been social media campaigns designed to\r\nspread the malware through messages and postings on social media sites. Once users click on a link in the email or\r\nmessage, they are directed to a website that automatically installs the malware. Because the malware is adept at\r\nstealing login credentials, it can sometimes be configured to steal email and social media credentials, enabling the\r\nbotnet to spam messages from trusted sources and greatly expand its range.\r\nDrive-by downloads happen when the hackers are able to corrupt legitimate websites, inserting their malicious\r\ncode into a website that the user trusts. 
The malware then installs itself when the user visits the website or when\r\nthe user downloads and installs a benign program.\r\nHow to Protect Yourself\r\nPrevention through safe Internet practices is always the first step in staying safe from the Zeus malware. This\r\nmeans avoiding potentially dangerous websites, like those offering illegal free software, adult material or illegal\r\ndownloads, as the owners of these types of websites often have no problem allowing malware owners to host their\r\nsoftware on the site. Being safe also means not clicking on links in email or social media messages unless you\r\nwere expecting the message. Remember: Even if the message is from a trusted source, if that source is afflicted\r\nwith Zeus, the message could still be corrupt.\r\nStaying safe also means being safe when interacting with financial institutions while online. Two-factor\r\nauthentication, where the website sends a confirmation code to a mobile device to confirm the login, is a must.\r\nRemember, though, that some offshoots from Zeus have also infected mobile devices, so using this kind of\r\nauthentication shouldn't be seen as a cure-all.\r\nA powerful, updated antivirus solution is a must. These kinds of solutions will not only help protect you from\r\nvisiting unsafe websites where you might find the Trojan, but can detect the Trojan when it downloads, tries to\r\ninstall or tries to run. Additionally, these solutions can scan your system and remove the malware if it already\r\nexists on your machine.\r\nWhile there are a number of antivirus solutions out there, including a number that offer a free trial period, it's\r\nimportant to choose one that's from a leader in the industry that updates their solutions constantly. The fact that the\r\nZeus source code is public means that there will be no end to the damage that this malware can do, and every few\r\nyears you can expect that new versions of the malware will arise. 
Only a security vendor that is constantly vigilant\r\nagainst new threats has what it takes to truly protect you from the Zeus Trojan in the future.\r\nThe Zeus Trojan has come a long way in just a few years, coming out of nowhere to infect millions of computers\r\naround the world in a relatively short amount of time. Even though the original creator may not be running the\r\nmalware any longer, the fact that its code is online and constantly being talked about, updated and improved upon\r\nwithin hacker circles means that it will continue to be a threat for years to come. Understanding that it's out there\r\nand taking steps to keep yourself, your finances and your family safe is imperative for anyone who wants to avoid\r\nthe headache and financial pain of identity theft.\r\nKaspersky Internet Security received two AV-TEST awards for the best performance \u0026 protection for an internet\r\nsecurity product in 2021. In all tests Kaspersky Internet Security showed outstanding performance and protection\r\nagainst cyberthreats.\r\nSource: https://usa.kaspersky.com/resource-center/threats/zeus-virus",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://usa.kaspersky.com/resource-center/threats/zeus-virus"
	],
	"report_names": [
		"zeus-virus"
	],
	"threat_actors": [
		{
			"id": "dfee8b2e-d6b9-4143-a0d9-ca39396dd3bf",
			"created_at": "2022-10-25T16:07:24.467088Z",
			"updated_at": "2026-04-10T02:00:05.000485Z",
			"deleted_at": null,
			"main_name": "Circles",
			"aliases": [],
			"source_name": "ETDA:Circles",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434248,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2c369cf3f499b317a7e483ebdf7638c730edad3f.pdf",
		"text": "https://archive.orkl.eu/2c369cf3f499b317a7e483ebdf7638c730edad3f.txt",
		"img": "https://archive.orkl.eu/2c369cf3f499b317a7e483ebdf7638c730edad3f.jpg"
	}
}