Up to 88% of Fortune 500 companies may have been affected by the Zeus trojan, according to research by RSA's FraudAction Anti-Trojan division, part of EMC. The trojan installs keystroke loggers on infected machines to steal login credentials for banking, social networking, and e-mail accounts.

The botnet was first identified in 2007 and is still active today. The malware tends to be difficult to detect and remove, and several million machines worldwide are believed to be infected. The Zeus server-side components, used to collect the stolen data, surprisingly borrow techniques more commonly seen in commercial software: the kit is sold under license (with fees ranging from several hundred to a few thousand dollars), and each installation is locked to the hardware it runs on, in a scheme reminiscent of Microsoft's product activation. The malware itself predominantly targets Windows XP machines, though Windows Vista and Windows 7 variants are for sale too.

The data held on Zeus control servers is valuable enough that the servers have themselves become targets for other hackers seeking to steal the large caches of stolen credentials.

RSA's study examined data found on Zeus control servers and identified e-mail addresses and IP addresses belonging to many major corporations. Almost every Fortune 500 company showed evidence of some form of infection, and stolen e-mail credentials in particular were found for around 60% of them. About 20 companies with significant consumer-facing brands, such as Google, were excluded from the study because the sheer volume of data prevented any meaningful analysis.

Smaller companies (those with fewer than 75,000 employees) appeared to have a higher proportion of infected employees, suggesting that perhaps larger corporations are more effective at securing their systems and data. Home computers not subject to corporate IT policy but used to access corporate mail and networks are a particularly high risk.
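The attribution described above (matching harvested e-mail addresses and IP addresses back to organizations, and spotting corporate accounts used from machines outside the corporate network) can be illustrated with a small script. This is an added example, not RSA's method or data: the log format, bot identifiers, hosts, addresses, accounts and the organization lists are all constructed for the illustration, and "off-network" is only a heuristic for the home-PC case the article mentions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of what a drop-zone log might look like. The format,
# bot IDs, hosts, addresses and accounts are invented for this example.
SAMPLE_LOG = """\
2010-04-12 09:14:03 bot=B1F0 ip=203.0.113.17 url=https://mail.example-corp.com/owa user=jdoe@example-corp.com
2010-04-12 09:15:44 bot=B1F0 ip=203.0.113.17 url=https://bank.example/login user=jdoe@example-corp.com
2010-04-12 10:02:11 bot=7C21 ip=198.51.100.9 url=https://webmail.acme.example/ user=alice@acme.example
2010-04-12 11:30:27 bot=9A4E ip=192.0.2.77 url=https://social.example/login user=bob.personal@freemail.example
2010-04-12 12:45:08 bot=9A4E ip=192.0.2.77 url=https://mail.example-corp.com/owa user=bsmith@example-corp.com
2010-04-13 08:01:59 bot=D3AD ip=198.51.100.44 url=https://intranet.acme.example/ user=carol@acme.example
"""

# Hypothetical organizations to check exposure for (assumed inputs, not RSA's lists).
CORPORATE_DOMAINS = {
    "example-corp.com": "Example Corp",
    "acme.example": "Acme",
    "globex.example": "Globex",
}
CORPORATE_NETWORKS = {
    "203.0.113.0/24": "Example Corp",
    "198.51.100.0/24": "Acme",
    "192.0.2.128/25": "Globex",
}

LINE_RE = re.compile(r"bot=(?P<bot>\S+)\s+ip=(?P<ip>\S+)\s+url=(?P<url>\S+)\s+user=(?P<user>\S+)")


def parse_records(text):
    """Parse log lines into dicts; lines that do not match the format or carry a bad IP are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["ip"] = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue
        records.append(rec)
    return records


def org_for_email(user, domains):
    """Organization owning the account's e-mail domain, or None."""
    if "@" not in user:
        return None
    return domains.get(user.rsplit("@", 1)[1].lower())


def org_for_ip(ip, networks):
    """Organization whose address range contains ip, or None."""
    for cidr, org in networks.items():
        if ip in ipaddress.ip_network(cidr):
            return org
    return None


def exposure_report(text, domains=CORPORATE_DOMAINS, networks=CORPORATE_NETWORKS):
    """Aggregate stolen-credential records per organization.

    Returns {org: {"accounts": set, "bots": set, "off_network_bots": set}}, where
    off_network_bots are infected machines that used one of the organization's
    accounts from an IP outside its own ranges (e.g. a home PC reading corporate mail).
    """
    report = defaultdict(lambda: {"accounts": set(), "bots": set(), "off_network_bots": set()})
    for rec in parse_records(text):
        by_mail = org_for_email(rec["user"], domains)
        by_ip = org_for_ip(rec["ip"], networks)
        if by_mail:
            entry = report[by_mail]
            entry["accounts"].add(rec["user"].lower())
            entry["bots"].add(rec["bot"])
            if by_ip != by_mail:
                entry["off_network_bots"].add(rec["bot"])
        elif by_ip:
            # Machine on corporate address space, but the captured account was personal.
            report[by_ip]["bots"].add(rec["bot"])
    return dict(report)


def affected_fraction(report, domains=CORPORATE_DOMAINS):
    """Fraction of the watched organizations with at least one infected machine."""
    orgs = set(domains.values())
    hit = {org for org, e in report.items() if e["bots"]}
    return len(hit & orgs) / len(orgs)


if __name__ == "__main__":
    rep = exposure_report(SAMPLE_LOG)
    for org, e in sorted(rep.items()):
        print(f"{org}: {len(e['accounts'])} accounts, {len(e['bots'])} bots, "
              f"{len(e['off_network_bots'])} from outside corporate IP space")
    print(f"organizations affected: {affected_fraction(rep):.0%}")
```

On the constructed sample, bot 9A4E is flagged for Example Corp because it logged into the corporate webmail from an address outside the company's ranges, while the personal account captured from the same bot is not attributed to anyone; the percentage reported is the same kind of "share of the list with any infection" figure the study quotes.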