Security researchers identify possible successor to Zeus trojan

Ares shares similar design characteristics to the Zeus trojan mainly in its modular design, according to researchers at security firm G Data.

The modular design means cybercriminals will be able to modify the malware whenever required.

The wide range of uses to which Ares can be put means it represents an extremely high risk to the public and businesses, the researchers said.

Ares provides cybercriminals with a simple way of spreading malware via websites, and because it has so many potential variants, it can be used for almost any attack on any target, said Eddy Willems, security evangelist at G Data.

"We believe one of the eventual uses will be to spread Trojans aimed at online banking users. Internet users need to protect themselves by making sure they have anti-malware solutions in place that monitor all HTTP traffic and can block dangerous websites before they are called up on work and personal computers," he said.

Underlining the commercialisation of modern malware, a software development kit for the trojan is available for free to 'trustworthy developers' on condition that a licence fee is paid to Ares' developer when modules are sold on to third parties, said Willems.

Other potential users can buy the development kit for up to $6000, although a 'starter pack' with reduced functionality can also be purchased for $850.

As is customary in the malware industry, said Willems, payment is made via an anonymous online payment service, in this case WebMoney, so that neither the purchaser nor the vendor need reveal their true identity.

In an underground forum, the developer of Ares said every copy is unique, and although is not focused on banking, it has the same banking capabilities as Zeus and SpyEye, which can be added if required.

"I actually consider this more of a platform which is customised to each buyer's liking", the Ares developer said.

G Data expects Ares to begin circulating in numerous forms and to spread rapidly, but warned that it remains unclear who or what the trojan's specific targets are, what mechanisms it will use, and who is behind it.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?