I investigated the contents of the web panel package, which turned out to be Ghost Panel with a modified skin:
As our readers probably recall, the Ghost Panel is an altered version of the last Zeus Web Panel (version 220.127.116.11) before the crimeware’s development was halted by its original author, Monstr/Slavik. The Ghost Panel was a craft of another hacker with the handle FreeZS, and was primarily created to become more resilient to AV monitoring.
While professional criminal parties capitalize on ZeuS by improving the bot’s functionalities, this reminds us that leaked Zeus versions are still being utilized by petty criminals who continue to contribute to the number of ZeuS attacks that we are facing today.
At the same time, these crooks manage to incorporate entertainment to their illegal operations more often than not. After all, cybercriminals, like us, are also human beings. It’s just that they have decided to use their skills unlawfully.
Past ZeuS-related posts:
- Another Modified ZeuS Variant Seen in the Wild
- A Refresher on Spam and Exploits
- ZeuS Gets Another Update