See all Security articles
See all Privacy articles
See all Performance articles
Select language
Select language
Avast Academy Security Viruses The Zeus Trojan: What it is, How it Works, and How to Stay Safe

The Zeus Trojan: What it is, How it Works, and How to Stay Safe

Zeus virus is a powerful trojan horse most commonly used to steal sensitive information, such as banking details. The malware can infect all versions of Microsoft Windows, can be configured to steal virtually any information hackers want, and even to install the CryptoLocker ransomware on your PC.


What is the Zeus Trojan?

Zeus (also known as ZeuS, or Zbot) has been around since 2006 and is the most widespread banking trojan, having infected tens of millions of computers. The malware is available as a toolkit, so hackers can use the source code to build their own variants.

Hamburguer menu icon

This article contains:

    Once a computer is infected, the ZeuS virus can automatically collect passwords from a Protected Storage, and even take control of your PC to download files, shut down, reboot, or delete system files, causing your computer to crash.

    However, hackers most commonly use it to monitor targeted websites, add fields that weren’t originally there, and steal your information. For example, instead of your username and password, you may be asked for your phone number, date of birth, and other sensitive data which could eventually lead to account theft.

    Who is the Zeus Trojan targeting?

    Anyone using a Windows PC can become a victim. Even with up-to-date antivirus software, this type of malware can be difficult to detect. Tens of millions of PCs have been infected with Zeus, or different versions of it.

    Since its first development, Zbot has been used to steal information from the US Department of Transportation, The Bank of America, NASA, and private companies like, ABC, Oracle, Cisco, and Amazon.

    Where does the Zeus Trojan come from?

    The Zeus virus can make its way to your computer through spam emails or compromised websites. Emails often appear to be sent from legitimate sources — Starbucks inviting you to a special event, Facebook or LinkedIn asking you to log in to accept a friend request, or your bank claiming someone has made a payment in your name, and inviting you to download an executable file to cancel it.

    How to recognize the Zeus Trojan

    Because hackers can code their own Zeus trojans and use stealth techniques to hide them, new variants can be difficult to detect. Random headers, different file extensions and changes to the malware’s encryption help disguise Zbots as legitimate applications.

    Once your computer is infected, the virus remains dormant until you visit one of the targeted websites. That’s when the trojan adds extra fields, asking for your personal details. The information is then sent to remote URLs via HTTP POST, and often sold on the black market.

    How to remove the Zeus Trojan

    Avast Antivirus is able to locate and remove any type of Zeus malware. If the virus is detected on your PC, Avast will send it to the Virus Chest, and then you can safely delete it. It’s not necessary, but it’s recommended that you go offline first.

    How to prevent the Zeus Trojan

    Zeus malware most commonly spreads through spam emails and phishing scams. Keep in mind that that many of these messages might look like they’re coming from trusted sources. A little bit of caution can help prevent Zeus malware from infecting your PC.

    • keep your antivirus up-to-date

    • use Internet protection that helps you avoid spam and fake websites

    • run regular scans to detect suspicious files on your PC

    • avoid spam and misleading messages on social media networks

    • don’t click on suspicious links

    • don’t download unlicensed or unknown software

    Protect your Android from threats

    with free Avast Mobile Security


    Protect your iPhone from threats

    with free Avast Mobile Security