Wednesday, May 11, 2011

The Downfall of the Mighty – Zeus Trojan’s Source Code Leaked and Now Available Everywhere

Via RSA FraudAction Research Labs -

Word of yet another historical moment in cybercrime is quickly spreading through the fraud underground and through the legitimate web – the Zeus Trojan’s source code has been made public and is now freely available to anyone wanting a piece of the infamous old “King of Trojans.”

It appears that the Zeus source code has been leaked almost in full – either due to a mishap of some sort, or intentionally exposed by its current owner – hacker and coder “Gribodemon”/ “Harderman”. The entire source code, minus one interesting folder titled “Worm”, has been made available online, reaching even as far as malware researcher chat groups on some social networking sites.

The mere fact that code has somehow been leaked has raised some eyebrows; RSA Research Lab engineers have raised a suspicion that “Harderman” is behind an intentional leak, aiming to abolish the Zeus code’s value once and for all and increasing the sale of his hybrid SpyEye Trojan. The fact that the newest feature was missing from the leaked source code – most probably a replication mechanism planned for the Zeus Trojan – seems to hint to the possibility of an intentional leak.

By exposing Zeus this way a few developments may follow:
  • Malware code writers, other than those on “Harderman’s” team, may pick up where Zeus’ original coder left off and attempt to further develop the code, continuing to sell it to fraudsters.
  • Code writers may freely create and sell Zeus Trojan builders – for a fraction of its original price tag.
  • Zeus binaries may increasingly be sold by long time Zeus owners in SaaS mode, priced “per variant”
  • The Zeus code could be dispersed into the hands of many, causing its corruption and devaluation, rendering it obsolete.
  • SpyEye may continue rising as the Trojan of the chosen few – a crimeware tool par excellence made for cyber criminals who can afford the best.
  • SpyEye will likely replace Zeus as the only advanced crimeware code commercially available, along with support, upgrades and a strong development team running the arms race against online banking fraud prevention.


Don't believe ZeuS was a professional developed cybercrime tool? Check this...

ZeuS User Guide

No comments:

Post a Comment