Related Links

Related Stories

  • Zeus adds investment fraud to its extensible range of activity
    The extensible code at the heart of the Zeus malware has spawned a new type of fraud designed to lure unsuspecting internet users into clicking through and infecting their machines. This time, reports Trusteer, the malware is targeting investment fraud, with rates of return reaching the 32% mark.
  • Cheap Zeus source code for sale
    Just two months after the Zeus source code was reportedly offered for exclusive sale for $100,000, it seems that the code is now being offered at bargain basement prices through multiple outlets.
  • SpyEye and Zeus cybercriminals DDoS blast web security services
    It looks like the battle between the cybercriminals behind the recently twinned SpyEye plus Zeus malwares and the IT security industry is being won by the good guys/girls, as the developers behind the two trojan/botnet darkware applications are reportedly very frustrated with the success of ZeusTracker and SpyEyeTracker.
  • Internet banking security? It's "trivially vulnerable" against Zeus says researcher
    The number of banking incidents where cybercriminals have siphoned off funds has been rising and, in one recent instance, criminals drained a company account of $63,000. And after investigating the case, as well as several others, a leading security researcher has found the "meagre security measures" of banks to be wanting.
  • Zeus malware appears with fake digital certificate
    A German IT security vendor has discovered a version of Zeus that has been signed with its own digital certificate – a move that could fool some corporates into installing the malware thinking it is a legitimate piece of code.

Top 5 Stories


Zeus source code: from $100K to free in a matter of months

12 May 2011

Reports are coming in that the source code for Zeus, a long-running trojan that has been modified many times since the summer of 2007, is now available on several underground forums.

According to Peter Kruse, a security researcher with CSIS, the code appears to have leaked to at least two dark market forums.

As reported previously by Infosecurity, Zeus' source code was originally offered for $100,000 back in February, a price tag that reportedly fell to $5,000 within a few weeks, culminating last month with elements of the source code being file-shared on BitTorrent.

Now it appears the entire code is now available for free online, as Kruse says he spotted the source being released to the masses on several underground forums last weekend.

"We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm", he said in his latest security blog.

"Zeus/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable", he added.

The CSIS researcher went on to say that, with the release and leakage of the source code the malware could easily become even more widespread and an even bigger threat than it already is today.

Lucian Constantin, Softpedia's editor, notes that Zeus' creator, Slavik decided last year to leave the public malware writing scene and surprisingly handed over the toolkit's source code to Gribodemon, the author of SpyEye, a rival banking trojan.

"Gribodemon's intention was to port the most successful ZeuS features to SpyEye in order to create one super trojan, a plan that has been put into action to some extent", he says in his report on this latest twist in the long-running Zeus saga.

"Hopefully, the availability of the code will also help antivirus vendors to create better signatures that are able to detect most variations of the trojan", he adds.

This article is featured in:
Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×