Zeus botnet traced to Latvian operation

University researchers said that the malware - rated as one of the most pervasive in North America for some time - was last week infecting 3.6 million PCs in the US.

Gary Warner, director of forensics with the university, said at the time the fake postcards ask users to click and download to view the contents, and as soon as that click is made, the Zeus Bot malware has infected their computers.

Once the virus is on a computer, he said, it becomes a part of the Zeus Botnet and is able to steal website data from victims.

The Financial Times reports that Zeus has been traced to the Junik server farm in Riga, Latvia. and that the server facility had been rented out to a company called Real Host.

The Zeus botnet has also been linked to Rock Phish, a Russian-led criminal gang blamed for half of the world's phishing attacks to steal card and banking data,

Despite these revelations, it remains unclear how much of the Zeus botnet that Real Host's servers actually control, said the FT, adding that it is difficult to pin-point the centre of a botnet that is as large as Zeus.

Latvia's computing authority is reportedly investigating Real Host for other possible illegal activities, said the paper.

What’s hot on Infosecurity Magazine?