14 DAY TRIAL // Security researchers worry that ZeuS source code, which is already available for sale on the underground market, could become widely available for anyone to use.
The history of ZeuS, one of the longest running and most successful trojans ever created, took an interesting turn last year when its creator decided to retire.
Slavik, as the ZeuS author calls himself, took the unusual step of leaving the trojan's code base to Gribodemon, creator of the competing SpyEye crimeware.
His intention was for Gribodemon to offer support to existent ZeuS customers and combine the two threats into one super trojan that had the best features of both.
However, sometime afterwards someone put the ZeuS source code up for sale, making it clear that there is more than one copy of it.
According to researchers from antivirus vendor Trend Miocro, Gribodemon posted a message on a Russian forum claiming that Slavik also sold the source code to someone else for $15,000.
It's possible the person is now trying to resell it to others for a profit. "We are predicting that soon the source code will be in the hands of anyone that wants it," the Trend experts say.
"This could be potentially dangerous, but only if it gets into the hands of people who really know how to use it," they add.
Apparently the ZeuS code is filled with macros that link different parts together. Pulling out individual components for reuse in another malware is not something that just any programmer can do.
Despite being undevelopment for months now, ZeuS remains the most popular information stealing trojan and is mostly used by cyber fraudsters to capture online banking details and other sensitive data.
However, Gribodemon's SpyEye is rapidly gaining market share, especially since the last versions have already integrated ZeuS features.