Zeus is a well-known Trojan Horse that steals financial information from a user’s browser using man-in-the-browser key logging and form grabbing. Additionally, Zeus installs a backdoor on the machines it infects, so these machines can become part of a botnet used for distributed denial-of-service (DDoS) attacks and other malicious activities.

Zeus was first detected in 2007, when it was used to attack the United States Department of Transportation; however, it did not become significantly widespread until March 2009. Attacks involving the use of Zeus occurred throughout 2010, including an October 2010 attack by a large organized crime ring attempting to steal over $70M from individuals in the US with Zeus-infected computers. The FBI made over 90 arrests of suspected members in the US, and various others were arrested in the UK and Ukraine in connection with the attack.

In May 2011, the source code of the version of Zeus in use at the time (v2) was leaked, leading to the creation of various customized Zeus-based bots. Some of the more advanced custom bots based on the leaked code (such as Ice IX) attempted to fix many of the existing issues with Zeus, rendering it even harder to detect. However, many security researchers have discovered that even the most well-known custom versions are extremely similar to the original leaked Zeus source code, and are therefore not significantly more innovative or dangerous.
