14 DAY TRIAL // In most cases, malware developers and Fraud-as-a-Service (FaaS) providers advertise their products on underground markets and sell them only to people that come with recommendations. This way, the cybercriminals can make sure their operations can’t be easily disrupted.
However, RSA researchers have identified one malware developer, presumably from Indonesia, who is advertising his creation directly on Facebook, on a page that contains a lot of information on cybercrime, exploits and botnets.
The developer is offering a customized version of the ZeuS Trojan, along with a botnet panel that’s programmed to work with the malware. The ZeuS Trojan kit, Zeus v 1.2.10.1, is demoed on a website specially created for this purpose.
Since ZeuS’s source code was leaked back in 2011, numerous cybercriminal groups have made attempts to develop improved variants.
“Seeing new customized Zeus Trojans out in the wild is very common, but seeing someone marketing a Zeus v1 kit is not,” wrote Limor Kessem, cybercrime and online fraud communications specialist at RSA.
“This case shows that the code leak, leading to the availability of the Trojan, makes for an even more diverse crimeware market, one that gives room to new offerings, especially at a time when all the major developers are staying away from the commercial arena.”
Kessem highlights the fact that such bold marketing likely stems from the fact that cybercrime laws are forgiving (or even absent) in the countries where the criminals are located.
The large number of cybercrime-related arrests have determined numerous fraudsters to hide their operations from the public as much as possible, and experts believe this is the key to reducing the criminal phenomenon.
“Laws and actual punishments are developing all over the world; the more people understand that digital crimes can be investigated, uncovered, proven and lead to jail time, the more they would hesitate before deciding to dabble in cybercrime,” Kessem concluded.