Feeds

Source code leaked for pricey ZeuS crimeware kit

Advanced trojan development comes to the unwashed masses

The Essential Guide to IT Transformation

Source code for the latest version of the ZeuS crimeware kit has been leaked on the internet, giving anyone who knows where to look free access to a potent set of malware-generation tools that normally sell for as much as $10,000.

Complete source code is available in at least three different locations, ensuring that it is now permanently available to the masses, Peter Kruse, a researcher with Danish firm CSIS Security, told The Reg. While the release could erode the paid market for the DIY malware kit, it could also spawn entire new kits that clone the existing code and build new features or services on top of it.

“The source code has until now been shared in very closed communities or bought by criminals with significant funds,” Kruse wrote in an email. “With the release of the entire code it's obvious we will see new versions/rebrands or improvements in general. If this grows outside of the established underground ecosystem it could have a significant impact.”

Selling in the criminal underground for anywhere from $2,000 to $10,000, ZeuS is best known as a tool for developing customized trojans that send victims' banking credentials to servers under control of the attacker. Premium versions include technical support and advanced features, such as the ability to bypass two-factor authentication offered by some financial institutions. Although there are rival crimekits such as one dubbed Eleonore, ZeuS is considered one of the most powerful and widely used of them.

But over the past year, ZeuS has undergone a fair amount of upheaval. In September, security researcher Billy Rios disclosed a serious vulnerability in ZeuS that allows whitehats and blackhats alike to seize control of botnets built using the crimekit. Around the same time, authorities in the UK, US and Eastern Europe accused dozens of individuals of laundering millions of dollars siphoned out of ZeuS-compromised bank accounts.

More recently, researchers have found evidence that the ZeuS code base has been merged with a separate crimekit known as SpyEye. And in March, CSIS's Kruse discovered ZeuS source code for sale in underground forums.

The general release of the ZeuS source code makes it all but certain that no one will pay money for the standalone version of the program, at least until its creators add must-have features to it that aren't available now. It's not clear who released the code or why.

ZeuS's growing pains resemble in many ways the challenges legitimate software packages experience as they grow in popularity.

“I do like the fact that as these crimeware softwares become more mature, the developers and maintainer will start to face the same challenges as traditional software – security patches, piracy, protecting IP, feature requests, even PR,” said Rios, who is a former security researcher for Microsoft. “I find this funny having spent some of my life worrying about the same issues as a proper security/software engineer.” ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.