Feeds

ZeuS cybercrime cookbook on sale in underground forums

Lets non-coders produce trojans, other burglar tools

5 things you didn’t know about cloud backup

Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit through underground forums.

The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch. IOO offers to discuss the sale to prospective buyers via either Jabber or ICQ. He is prepared to accept payment via any escrow service.

The screenshots make reference to peinfector.cpp, a project of ZeuS known as "Murofet". Security researchers - while unable to verify the sale is genuine - are taking the potential offer seriously.

"Prior to this there were several rumors that the Zeus/Zbot code was sold to the creator of SpyEye," writes Peter Kruse, an eCrime specialist who works for Danish security consultancy CSIS Security.

"This is also currently unconfirmed - however what is certain is the fact that someone besides the author of the ZeuS/Zbot has access to the code."

Whether the specific sale by IOO is genuine or not, Kruse is sure that the secret recipe of ZeuS has become accessible to more people over recent weeks. "We have also seen compile logs confirming that ZeuS/Zbot code is available to broader audiences," he told El Reg.

ZeuS is best thought of as a customisable cybercrime toolkit that makes it easy for cyber-crooks without coding skills to knock out banking Trojans. Crooks can buy licences to use the tool via underground forums in order to develop keystroke logging tools that capture bank login credentials from compromised machines before uploading the credentials where they can be recovered by crooks for subsequent misuse.

Last October the FBI announced it had broken up a major cybercrime ring that used ZeuS to steal around $70m. Around 50 alleged phishing mules in the US and the UK were named as suspects as part of this operation. More significantly five Ukrainians suspected of controlling the whole operation were cuffed. The identity of the actual creator of ZeuS remains unknown. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.