ZeuS Source Code Already in the Wild
For about two weeks now, the ZeuS source code has been making its way around to different people. Many people have been offering it for sale on multiple forums, but often it is only pieces of the code and not everything. There are also conflicting reports: some say important pieces of the code are missing, which keeps it from working, while others say everything is there except the modules that can be added in.
This took a recent turn, however, when the source code was reportedly uploaded to a file-sharing site and the link was then posted to a malware forum.
The catch is that the uploaded file is a .RAR file and is password protected. You can look through the .RAR file and check that everything is there for the source code, but you can't actually look at the contents of the files because of the password protection. Multiple people are trying to brute-force the password for the .RAR file, but so far no one that I know of has been able to crack it. There are even reports that some people in law enforcement are looking at it.
What does this mean in the long run though?
We predict that the source code will soon be in the hands of anyone who wants it. This is potentially dangerous, but only if it gets into the hands of people who really know how to use it. The source code is written in C++ and requires someone with a fair knowledge of C++ to really figure out the code. It would not be possible for an average person to rip parts of the code out to use in their own malware.
A lot of this code, I have been told, is linked together through macros, so if you try to pull out a piece of it, it will not work. Gribodemon, the author of SpyEye, posted a message on a Russian forum saying that the ZeuS author, Slavik/monstr, sold the code for around 15K to another person, who was supposed to use it and expand on its functionality (Gribodemon also has a copy of the code). Apparently this person really didn't know how to use the code and instead started to resell it to others. That is what has led up to where we are now. Trend Micro will continue to keep an eye on this possible threat and update this blog with any new developments.
Post from: TrendLabs | Malware Blog – by Trend Micro