14 DAY TRIAL // The Internet might soon be plagued by new versions of the notorious ZeuS banking trojan because its source code is now freely available online.
ZeuS remains the most popular crimeware toolkit despite its development having stopped last autumn when its creator retired.
The ZeuS Bot (Zbot) trojan is one of the most successful pieces of malware ever created, being using in all types of cybercriminal activities, from stealing online gaming credentials to compromising bank accounts and assisting check fraud.
Its creator, Slavik, decided to leave the public malware writing scene and surprisingly handed over the toolkit's source code to Gribodemon, the author of SpyEye, a rival banking trojan.
Gribodemon's intention was to port the most successful ZeuS features to SpyEye in order to create one super trojan, a plan that has been put into action to some extent.
Observers were taken by surprise in January when someone other than Gribodemon posted announcements on underground forums that the ZeuS source code is available for sale.
The version advertised was 2.0.8.9, which apparently is the same as the one of the package being distributed now for free.
"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels.
"[...] We even compiled it in our lab and it works like a charm," announced Peter Kruse, security specialist at Danish IT security firm CSIS Security Group.
The existence of a password-protected .rar archive allegedly containing the ZeuS source code has been known for several weeks now, but researchers believed it served to showcase the project's file tree.
This is the first report of working ZeuS source code being available for free, which opens up the door to a lot of possibilities. Any malware writer can now theoretically create a version of the trojan with any modifications they desire.
Hopefully, the availability of the code will also help antivirus vendors to create better signatures that are able to detect most variations of the trojan.