The Zeus Trojan is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and the malicious code continues to spread.
Security firm Trusteer reports that a recent survey has revealed an increasing number of websites are now known to host Zeus variants.
The report also shows that a growing number of networks are hosting command and control operations for Zeus-based botnets.
“The increasing usage of automated registration and servicing systems on the internet means that human operator monitoring of hosted systems has become less frequent in those countries with good internet access."
“As well as driving the cost of hosting downwards, this has the worrying effect of making it all too easy to register and set up a C&C and/or Zeus-infected website plus allied systems, and using the platform to infect the general internet user community.”
The Zeus Trojan can lay dormant for long periods until the user of the infected machine accesses banking accounts, Zeus then harvests passwords and authentication codes.
Trusteer, who specializes in enterprise and consumer vulnerability issues, previously reported they had detected the use of man-in-the-middle and social engineering tactics in conjunction with Zeus, and the Associated Press reported that the malware had also been modified to target enterprise bank accounts.
Security researchers at McAfee warned of a merger of the Zeus Trojan and Spyeye tools last fall, and it appears as if the first toolkit combining the exploits arrived on the black market early this year.
The Zeus Trojan is thought to have netted millions of dollars from victims by spreading through tainted communications designed to look like messages from trusted contacts at popular social networking sites.