Zeus Trojans Source Code Leaked In The Wild

Published: 22/11/2024   Category: security




Open source Zeus could result in widespread infections



The source code of the powerful Zeus Trojan used for stealing online banking credentials and other sensitive information is now out there for anyone to take, tweak, or use in an attack.
Denmark-based security firm CSIS Security Group blogged yesterday that it had discovered the source code was being leaked through various underground forums and places on the Internet. Peter Kruse, partner and security specialist with CSIS, says Zeus code now can be easily enhanced or modified. "We believe this will be used as both inspiration for new and complex banking Trojan variants, as well as abused in future attacks," he says.
The freely available code also makes it easier for script kiddies and hackers without the financial means to license the crimeware kit to now easily use Zeus or some new variant for infecting machines and stealing sensitive information. Liam O Murchu, manager of operations for Symantec Security Response, says his team has a copy of the source code and is currently analyzing it. "We've even seen some of the code being reused in other threats," Murchu says.
The big concern is that the freely available Zeus source code will lead to a flood of new Zeus variants as various malware writers clamor to customize it. Murchu says it could follow the path of the Sbot malware family from nearly five years ago, when the Sbot source code was released and various malware writers added their own functionality to it, some adding plug-ins or other features.
"We saw slight variants of the same code being released with slightly different configurations or modules -- some made it faster, some more lightweight ... It became just a huge flood of slightly different variants of these worms," he says. "It could be that we see that again with Zeus ... It becomes an open-source project where everyone adds their own functionality. We haven't seen that yet, but it's a possibility."
Aviv Raff, CTO of Seculert, says he has seen a copy of the source code, as well. He says recent posts about the new Mac OS X malware that includes a Zeus-like Web injection feature indicate it could have been based on the leaked source code. Raff says the Zeus user guide included with the source code includes support for Windows XP, Vista, Windows 7, and Windows 2003/2003R2/2008/2008R2.
The Zeus user guide says the Trojan also doesn't require administrative rights to operate on XP and with UAC enabled on Vista and Windows 7, Raff says.
Meanwhile, CSIS first noticed back in March that the crimeware kit was for sale in at least two black market forums.
"ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojans in the global threat landscape. It is an advanced crime kit and very configurable. With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today," Kruse wrote in the company's blog post yesterday.
