Zeus Found in the Cloud


Zeus is in the news again, and this time, the Trojan is hiding in the cloud.
According to PC World, the latest Zeus configuration was found monitoring the log-in Web page of a Canadian company, Ceridian Canada, which provides human resources and payroll services. PC World stated:

The malware steals user IDs, passwords and company numbers when users authenticate on Ceridian's clients.powerpay.ca website from infected computers and automatically takes screenshots of their answers to the site's image-based verification system.

Amit Klein at Trusteer pointed out in his blog the reasons why criminals are using Zeus to attack in the cloud and why they are going after payroll information. Targeting payroll, he said, allows the criminals to steal a lot more money than targeting individual customers, and by targeting data in the cloud, the criminals can bypass a lot of the security authentication steps online banking sites are now using. Klein said:

In a cloud service provider environment, the enterprise customers who use the service have no control over the vendor's IT systems and thus little ability to protect their backend financial assets.

That the bad guys are targeting payroll is a new twist and should definitely be noted by anyone who is responsible for keeping human resource data secure. However, in my opinion, the big-picture takeaway is that the Zeus Trojan configuration is likely a sign of things to come - malware that is going to specifically target the cloud.

Surveys have shown that companies have been apprehensive about moving to the cloud, largely because of security concerns and questions of who is responsible for securing the data in the cloud. CloudPassage released a survey earlier this year that found 20 percent of the 164 respondents do not secure their cloud servers at all and 31 percent depend on their cloud provider to be responsible for security.

Passing the buck or expecting someone else to protect your data isn't going to keep anything secure. Klein recommended taking a layered approach to protecting data in the cloud, with anti-malware software, firewalls and so on. But it may also be wise to think about what information you store in the cloud in the first place. Until cloud security is better defined, at least within your own company, keeping financial data and other extremely sensitive information out of the cloud and on a dedicated server may be the safest way to go right now.