ABSTRACT

Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007, when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. The Zeus threat is composed of three parts: a toolkit, the Trojan itself, and the C&C server. The toolkit is used to create the threat, the Trojan modifies the compromised computer, and the C&C server is used to monitor and control the Trojan. Regardless of the version, the toolkit is used for two things. First, the attacker can edit the configuration file and then compile it into a .bin file. Second, the attacker can compile an executable, which is then sent to the potential victim through various means. This executable is what is commonly known as the Zeus Trojan or Trojan.Zbot. The ease of use of the toolkit's user interface makes it quick and easy for nontechnical, would-be criminals to get a piece of the action.