Source Code for Zeus Crimeware Toolkit Disclosed

Wednesday, May 11, 2011



Security researchers this week noted the release of source code for the infamous Zeus Trojan.

Files containing the code began to appear over the weekend in underground discussion forums most often used by criminal hackers.

"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels. We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm," wrote Peter Kruse of CSIS.

The Zeus Trojan is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and numerous variants of the malicious code continue to propagate.

The Zeus Trojan can lie dormant for long periods until the user of the infected machine accesses accounts such as those used for online banking. Zeus harvests passwords and authentication codes and then sends them to the attackers remotely.

"We believe this will be used as both inspiration for new and complex banking Trojan variants as well as abused in future attacks. The code can easily be modified and even improved in functionality," Kruse conveyed in an email interview with ThreatPost.

"With the source code in the wild it's likely we'll see an increase in attacks since lots of potential criminals might have been lacking both financials and trustworthiness to obtain their own license of this kit. Now being available as source code we'll likely see a rebranding and slight modifications distributed from various sources," Kruse continued.

While the dissemination of the Zeus source code may put a dent in the lucrative black market sales of the toolkit, the downside is that the disclosure of the code will make the malware widely available to criminal hackers who could not previously afford the average $5000 price tag.

Last month, researchers at security solutions provider Avira identified a Zeus Trojan variant accompanied by a signed digital certificate. On several occasions, Zeus variants have been detected with forged Kaspersky and Avira digital signatures.

Security firm Trusteer reported earlier this year that an increasing number of websites are now known to host Zeus variants, and the report also shows that a growing number of networks are hosting command and control operations for Zeus-based botnets.

Researchers at Trend Micro recently revealed that a Zeus Trojan designed specifically to run on the BlackBerry operating system has been detected.

Security researchers at McAfee had warned of a merger of the Zeus Trojan and Spyeye tools last fall, and the first "SpZeus" toolkit combining the tools arrived on the black market in January.
