88 percent of firms show Zeus botnet activity

An RSA study finds that nearly 9 out of 10 Fortune 500 companies have computers compromised by the data-stealing Trojan.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

April 14, 2010 6:00 a.m. PT

Most major U.S. corporations--up to 88 percent of the Fortune 500 companies--may be affected by botnet activity from computers compromised by the Zeus data-stealing Trojan, according to an RSA study released Wednesday.

RSA's FraudAction Anti-Trojan services analyzed data stolen by Zeus from infected computers in August and traced evidence back to IP addresses and e-mail addresses belonging to the corporations, said Sean Brady, manager of the Identity Protection and Verification Group at RSA, which is the security division of EMC.

Specifically, "domains individually representing 88 percent of the Fortune 500 were shown to have been accessed to some extent by computers infected by the Zeus Trojan," the study said.

Among the stolen data found on the sites where infected computers drop the stolen data was compromised e-mail addresses from about 60 percent of the firms.

The analysis excluded about 20 consumer-focused brands, Google, due to the sheer volume of data they have on the Web, said Brady.

Companies with fewer than 75,000 employees appeared to have the highest ratio of botnet activity and compromised e-mail addresses to employee counts, according to the report.