The Zeus Trojan is a kind of Trojan that infects Windows-based computers and steals banking and financial information. When it infects a computer, it looks for personal data such as email usernames and passwords as well as online financial and banking records associated with the personal information. The data are then sent to remote servers and then collected by the hacker who can then proceed to commit financial fraud by using the stolen information.
The Zeus Trojan is also known as Zbot.
Techopedia explains Zeus Trojan (Zbot)
The Zeus Trojan is used by hackers to steal information relating to online banking. The stolen information is then sent to remote servers controlled by the hackers, who then use it to log on to the victims' accounts to make unauthorized (however, in this case, the system sees the transaction as authorized because of correct log-in information) money transfers to various hidden accounts and "money mules" to hide the electronic trail and make it hard for authorities to determine exactly where the money went.
The Zeus Trojan was first identified in 2007 when it was used to steal various pieces of information from the U.S. Department of Transportation, and it was estimated by security analysts that by 2009 it had already infiltrated more than 74,000 accounts, including those from banks, financial and non-financial institutions such as the Bank of America, Oracle, NASA and Amazon.
In 2010, the FBI arrested more than 100 conspirators believed to be spreading the virus from the USA, UK and Ukraine. The virus, which comes in a packaged installer complete with resources such as remote server programs and instructions, is readily available for hackers and is sold for $700 to $1500, but the source code is believed to have been leaked in 2011, ensuring that there are now a lot of other Trojans based on Zeus.
Standard methods of removing the Trojan still apply such as using a "reliable" anti-spyware program or manually removing the executable file of the program, which is usually named along the lines of "088709.exe".