Feeds

ZeuS cybercrime cookbook on sale in underground forums

Lets non-coders produce trojans, other burglar tools

3 Big data security analytics techniques

Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit through underground forums.

The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch. IOO offers to discuss the sale to prospective buyers via either Jabber or ICQ. He is prepared to accept payment via any escrow service.

The screenshots make reference to peinfector.cpp, a project of ZeuS known as "Murofet". Security researchers - while unable to verify the sale is genuine - are taking the potential offer seriously.

"Prior to this there were several rumors that the Zeus/Zbot code was sold to the creator of SpyEye," writes Peter Kruse, an eCrime specialist who works for Danish security consultancy CSIS Security.

"This is also currently unconfirmed - however what is certain is the fact that someone besides the author of the ZeuS/Zbot has access to the code."

Whether the specific sale by IOO is genuine or not, Kruse is sure that the secret recipe of ZeuS has become accessible to more people over recent weeks. "We have also seen compile logs confirming that ZeuS/Zbot code is available to broader audiences," he told El Reg.

ZeuS is best thought of as a customisable cybercrime toolkit that makes it easy for cyber-crooks without coding skills to knock out banking Trojans. Crooks can buy licences to use the tool via underground forums in order to develop keystroke logging tools that capture bank login credentials from compromised machines before uploading the credentials where they can be recovered by crooks for subsequent misuse.

Last October the FBI announced it had broken up a major cybercrime ring that used ZeuS to steal around $70m. Around 50 alleged phishing mules in the US and the UK were named as suspects as part of this operation. More significantly five Ukrainians suspected of controlling the whole operation were cuffed. The identity of the actual creator of ZeuS remains unknown. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.