
ZeuS Source Code Already in the Wild

  • Posted on: March 31, 2011 at 12:00 pm
  • Posted in: Botnets, Malware
  • Author: Kevin Stevens (Senior Threat Researcher)

For about two weeks now, the ZeuS source code has been making its way around to different people. Many people have been offering it up for sale on multiple forums, but often what is offered is only pieces of the code rather than the whole thing. There are also conflicting reports: some say important pieces of the code are missing, so it will not work; others say everything is there except the modules that can be added in.

This has taken a recent turn, however, because the source code was reportedly uploaded to a file-sharing site and the link was then posted to a malware forum.

The catch is that the uploaded file is a password-protected .RAR archive. You can list the contents of the .RAR file and check that everything needed for the source code is there, but you cannot actually view the contents of the files because of the password protection. Multiple people are taking a crack at trying to brute-force the password for the .RAR file, but so far no one that I know of has been able to crack it. There are even reports that some people in law enforcement are looking at it.

What does this mean in the long run though?

We are predicting that the source code will soon be in the hands of anyone who wants it. This could be potentially dangerous, but only if it gets into the hands of people who really know how to use it. The source code is written in C++ and requires someone with a fair knowledge of C++ to really figure out the code. It would not be possible for an average person to rip parts of the code out to use in their own malware.

A lot of this code, I have been told, is linked together through macros, so if you try to pull out a piece of it, it will not work. Gribodemon, the author of SpyEye, posted a message on a Russian forum saying that the ZeuS author, Slavik/monstr, sold the code (for around 15K; Gribodemon also has a copy of the code) to another person who was supposed to use it and expand on its functionality. Apparently this person really didn't know how to use the code and instead started to resell it to others. That is what has led up to where we are now. Trend Micro will continue to keep an eye on this possible threat and update this blog with any new developments.
