ISP Virgin Media is now using organisations such as The Shadowserver Foundation to work out which of its customers might be part of botnets spreading the dangerous Zeus online banking Trojan.
If a third-party identifies a suspect connection, the company will then write to the affected customer outlining how they can remove Zeus using online tools or through the company’s paid-for Digital Home Support service.
This process hands the work of removing Zeus and other malware to the Virgin Media Security security software package that comes with Virgin’s ISP package, which currently uses the BitDefender antivirus engine, one of the few reliably able to detect the latest versions of the malware.
It is unusual for an ISP to admit to using third-party organisations to detect botnets, but perhaps Zeus is now serious enough to break convention. Last week, in only its latest detected attack, UK-US company M86 Security revealed that Zeus v3 had successfully hacked the online bank accounts of 3,000 UK customers of a large high-street bank, stealing just over $1 million.
The company does not make any widespread use of internal botnet detection technology or if it does it won’t say so for fear of making users wary of covert monitoring.
“We don’t identify the spread of botnets ourselves because that could be an invasion of privacy,” said a source at Virgin Media.
“We’re writing to customers we’ve been told may be infected by malware, encouraging them to check their computers have an up to date security package, such as Virgin Media Security, and offering advice on simple and free ways to disinfect their computer,” added Jon James, executive director of broadband at Virgin Media.
“For those who need a little bit more help we also have our fee-based Digital Home Support service which fixes problems using the latest cutting edge remote control technology,” he said.
BitDefender has made a speciality of Zeus detection so its anti-Zeus credentials are currently good. Other security companies are not believed to be doing such a good job, which raises the bigger question of how customers can block Zeus in the first place. The Trojan also targets a number of common vulnerabilities in widelyused programs which many users either haven’t patched or simply don’t grasp need patching at all.