Last month I wrote about the Zeus Trojan and its infiltration of the banking industry. As I mentioned then, Zeus isn't a new virus, with activity going back a couple of years, but it was recently announced that Zeus was responsible for infecting more than 70,000 PCs.
Well, it appears that Zeus is still in the news, and it still gives IT security personnel and those in the banking industry nightmares. At this week's RSA 2010 Conference, the Zeus Trojan was a topic of discussion. In an article in Information Security magazine, Marcia Savage quoted David Shroyer, vice president of online security and enrollment at Bank of America, who said the complexity of the Zeus Trojan is what makes it scary, and methods to address the threat become outdated too quickly. Savage wrote:
Shroyer also highlighted the difficult balancing act banks must play when it comes to security and the ease of use customers want. Users won't necessarily be amenable to being told to use only a certain browser, deploy encryption or other security restrictions, Shroyer explained. "This is the battle we face with 30 million online customers."
Panelists at the RSA discussion, Savage added, suggested working together to fight cyber crime, starting with sharing information about attacks while protecting consumer privacy. Also recommended: Use agencies such as the National Cyber-Forensics and Training Alliance to share information and learn strategies to attempt to ward off the next attack.