Cheap Zeus source code will generate more Trojan variants warns Trusteer CTO
April 2011 by Trusteer CEO
Barely two months after cybercriminals put the source code of Zeus up for sale at $100,000, reports are now coming in that the source code is being offered at bargain basement prices from multiple sources, says Trusteer, the leading provider of Secure Web Access services.
According to Amit Klein, the Web browser security specialist’s CTO, since his research team confirmed in early February that the Zeus source code was being hawked around for $100,000, it seems that market forces have taken over, with the code’s exclusivity and price taking consequential tumbles.
"We’ve observed before that the old adage of there being no honour amongst thieves applies equally to the cybercriminal world, and now it seems that this is even truer when it comes to electronic crime," he said.
"We said at the start of February that our research teams were seeing multiple variants of Zeus appearing on users’ machines, and now our colleagues over at Trend Micro are reporting that the source code is being offered for sale on multiple forums from different people," he added.
Kevin Stevens at Trend Micro said in his blog late last week (http://bit.ly/ep78bF) that elements of the source code have been available for a couple of weeks, but now it appears that matters have become serious, as the code is being file-shared amongst potentially hundreds of users.
The only piece of good news to stem from this file-share of Zeus’ source code is that the RAR files are reported to be password protected, but there are also reports, says Klein, that some groups of hackers are attempting to brute force hack the password.
This means it is only a matter of time before the source code for Zeus is released in the wild at little or no cost, a step that potentially means that thousands of cybercriminals can then develop toolkits to maximise their revenues from the malware, he explained.
This, says Klein, is a very worrying step, as it means that toolkits based on Zeus malware will then potentially be in the hands of so-called script kiddies.
"As we said in early February, the extensible nature of Zeus, and its flexible ability to be recoded, means that the malware is likely to continue to be a problem for financial users of the internet, and their organisations, for some time to come," he said.
"What we didn’t foresee was how rapidly this prediction would turn out to come true, and on a vastly larger scale than anyone could have foreseen. We may yet see even more variants of Zeus appearing on a larger scale - and shorter timeframe - than anyone could have predicted," he added.
"And it’s against this backdrop that we are urging all users of the Internet, whether business or consumer, to patch their software and update their security applications and download Trusteer Rapport without delay. We also strongly recommend that they look at their options to better defend their Web surfing activities."