British police have made the first arrests in Europe of two people for using Zeus, a sophisticated malicious software program that can scoop up any sensitive information on a PC.
A man and woman, both 20 years old, were arrested in Manchester, on 3 November, said the Metropolitan Police's Central e-Crime Unit (PCeU). The pair, who have been released on bail, will face charges under the 1990 Computer Misuse Act and the 2006 Fraud Act.
Zeus is an advanced piece of malicious software. If installed on a PC, it can send spam, steal financial or other data or conduct a distributed denial-of-service attack against other computers. Machines infected with Zeus are essentially a botnet.
Those who have developed Zeus have also tailored it to be easy-to-use for less technical criminals, according to security vendor Symantec.
Zeus can be bought as a toolkit, which can create a unique Zeus variant. The toolkit also has a control panel for managing where Zeus will be hosted. Zeus will attack computers visiting a certain infected Web site by looking for software vulnerabilities in the victim's computer.
In the case of the two people arrested, Zeus had been configured to steal online bank account details and passwords and send that information to remote servers, according to police.
Police said the two people used Zeus to "harvest millions of lines of data from affected machines - hundreds of thousands per day."