According to security researchers with in-browser web security specialist Trusteer, ZeuS is now targetting and attacking companies.
Amit Klein, the firm's chief technology officer, says that once ZeuS is installed on a victims machine, it fetches a configuration file from one of its command and control servers.
The configuration file then, he adds, instructs ZeuS which websites and applications to target, which information to steal, and how to steal it.
In one example cited by its research team, Trusteer says that ZeuS has been seen to attempt to collect data from Citrix VPN tools.
The code appears to be specific to certain Zeus 2.0 installations, and instructs an infected machine to capture and transmit a screenshot of all mouse clicks whenever the text '/citrix/' appears in the browser's address bar.
Because of this issue, Trusteer says that Citrix is recommending that enterprise-grade anti-malware solutions are use on all endpoints to prevent the infection and proliferation of the ZeuS trojan and to generally protect against malware.
Citrix says Klein, is well aware and concerned about the threat of keyloggers and their ability to capture a user's login information for the Citrix Access Gateway.
In order to protect against this type of attack, Citrix has developed a virtual keyboard system, which means that, instead of typing a password on the physical keyboard, mouse clicks are used to press the keys drawn on screen.
This approach, says Klein, prevents keyloggers from capturing keystrokes, since there are none to capture.
"This attack code clearly illustrates that Zeus is actively targeting enterprises and specifically remote access connections into secure networks. Fraudsters are no longer satisfied with simply going after bank accounts. They are also targeting intellectual property and sensitive information contained in company IT networks and applications", he said.
"Users of remote access VPN systems like the Citrix Access Gateway (employees, contractors, and partners) are purposely being targeted because their computers are unmanaged and can easily be compromised with sophisticated malware like Zeus", he added.
Klein went on to say that IT departments should be aware of this threat and take steps to protect their unmanaged computers and remote sessions.
These, he explained, include limiting VPN access to specific applications and users, maintaining up to date malware protection on remote devices, using a secure browsing service to protect VPN connections, and educating users on computer hygiene and secure browsing best practices.