Cheap Zeus source code will generate more Trojan variants
Posted on 05.04.2011
Barely two months after cybercriminals put the source code of Zeus up for sale at $100,000, reports are now coming in that the source code is being offered at bargain basement prices from multiple sources, says Amit Klein, CTO of Trusteer.

It seems that market forces have taken over, with the code's exclusivity and price have taken consequential tumbles.

"We've observed before that that the old adage of there being no honour amongst thieves applies equally to the cybercriminal world, and now it seems that this even truer when it comes to electronic crime," he said.

"We said at the start of February that our research teams were seeing multiple variants of Zeus appearing on users' machines, and now our colleagues over at Trend Micro are reporting that the source code being offered for sale on multiple forums from different people," he added.

As Kevin Stevens at Trend Micro said in his blog of late last week that elements of the source code have been available for a couple of weeks, but now it appears that matters have become serious after the code is being file-shared amongst potentially hundreds of users.

The only piece of good news to stem from this file-share of Zeus' source code is that the RAR files are reported to be password protected, but there are also reports, says Klein, that some groups of attackers are attempting to brute force hack the password.

This means it is only a matter of time before the source code for Zeus is released in the wild at little or no cost, a step that potentially means that thousands of cybercriminals can then develop toolkits to maximize their revenues from the malware, he explained.

This, says Klein, is a very worrying step, as it means that toolkits based on Zeus malware will then potentially be in the hands of so-called script kiddies.

"As we said in early February, the extensible nature of Zeus, and its flexible ability to be recoded, means that the malware is likely to continue to be problem for financial users of the internet, and their organizations, for some time to come," he said.

"What we didn't foresee was how rapidly this prediction would turn out to come true, and on a vastly larger scale than anyone could have foreseen. We may yet see even more variants of Zeus appearing on a larger scale - and shorter timeframe - than anyone could have predicted," he added.

"And it's against this backdrop that we are urging all users of the Internet, whether business or consumer, to patch their software and update their security applications and download Trusteer Rapport without delay. We also strongly recommend that they look at their options to better defend their Web surfing activities."





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //