What Zeus Virus Does to Computers?

The Zeus Virus can do a number of nasty things once it infects a computer, but it really has two major pieces of functionality.

First, it creates a botnet, which is a network of corrupted machines that are covertly controlled by a command and control server under the control of the malware’s owner. A botnet allows the owner to collect massive amounts of information or execute large-scale attacks.

Zeus also acts as a financial services Trojan designed to steal banking credentials from the machines it infects. It accomplishes this through website monitoring and keylogging, where the malware recognizes when the user is on a banking website and records the keystrokes used to log in. This means that the Trojan can get around the security in place on these websites, as the keystrokes required for logging in are recorded as the user enters them.

Some forms of this malware also affect mobile devices, attempting to get around two-factor authentication that is gaining popularity in the financial services world. Originally, the Trojan only affected computers running versions of the Microsoft Windows operating system, but some newer versions of the malware have been found on Symbian, BlackBerry and Android mobile devices.

The creator of the malware released the Zeus source code to the public in 2011, opening the doors for the creation of a number of new, updated versions of the malware. These days, even though the original Zeus malware has been largely neutralized, the Trojan lives on as its components are used (and built upon) in a large number of new and emerging malware.

How the Zeus Virus Infects Computers ?
The Zeus Virus has two main methods of infection:

Spam messages
Drive-by downloads
The spam messages often come in the form of email, but there have been social media campaigns designed to spread the malware through messages and postings on social media sites. Once users click on a link in the email or message, they are directed to a website that automatically installs the malware. Because the malware is adept at stealing login credentials, it can sometimes be configured to steal email and social media credentials, enabling the botnet to spam messages from trusted sources and greatly expand its range.

Drive-by downloads happen when the hackers are able to corrupt legitimate websites, inserting their malicious code into a website that the user trusts. The malware then installs itself when the user visits the website or when the user downloads and installs a benign program.