Small biz banks raided

Zeus

The program that's causing all the trouble is called Zeus or Zbot. It comes in 1000 different flavours and it comes with dodgy emails and through scam messages on social networking sites. Small business is being targeted because it will typically have a large bank account and small security infrastructure.

Precautions

Zeus isn't a virus as such, it's a Trojan. This means it doesn't replicate itself and it doesn't alter the contents of a computer, which is the definition of a virus – that's right, if you have a good antivirus system installed then you're no longer covered.

Instead a Trojan sneaks into your computer when you hit a dodgy link, like one of those emails from a bank urging you to log on to your account – which you realise, on reflection, you don't have – and lurks there intercepting information.

Zeus in its basic form attacks a lot of smaller computers but more sophisticated versions will intercept data and perform transactions at the same time, meaning that immediately the problem is detected the damage is done.

Unpleasant wrinkle

It gets slightly worse. In the US, some banks are claiming that since their computers aren't compromised while those of their customers are, they don't have to accept liability for any losses incurred.

Technically this would be true, but I have a lot more time for British banks like NatWest which are issuing free security software to protect customers' identity. Granted many hackers and virus writers will see this as a challenge and start rising to it, but it's at least a co-operative step.

Meanwhile in the US a number of small businesses are having to sue their banks to get their money back.

Links (Opens new windows)

FT report
Symantec
Kaspersky
Sophos