Aug 24, 2011 12:50 GMT

Security researchers from Kaspersky Lab warn about a new crimeware pack called Ice IX which was built using the ZeuS source code leaked earlier this year.

Just like its parent, Ice IX is sold on the underground market and can be used to generate custom trojans that join infected computers into botnets.

According to Kaspersky Lab expert Jorge Mieres, Ice IX has been in the wild for some time already and the builder is available for $1800, a relatively high price considering that the entire ZeuS source code was once advertised for $10,000.

ZeuS remains the most popular banking trojan among cyber fraudsters, its infection count currently exceeding that of its closest competitor, SpyEye, four to one.

The crimeware is no longer in active development, its creator, Slavik, having retired from the malware writing scene last year.

The ZeuS code base was for some time in the possession of Hardeman, the SpyEye developer, who planned to merge the two crimeware packs together. However, it was later leaked and is now available for free.

This means that anyone with enough knowledge can grab the source and create their own spin-off. This is actually something that security researchers have been expecting since May when the leak happened.

The Ice IX trojan is similar to ZBot (ZeuS Bot) and its main purpose is to steal financial information. It does this by hooking into the browser process.

However, some variants analyzed by Kaspersky experts also steal Amazon AWS credentials. This aspect might be related to the recent increase in the quantity of AWS-hosted malware.

"It is clear that from now on, more new crimeware will be based on ZeuS code. New developers, hoping to profit from cybercrime, will attempt to create their own new alternatives based on this source," Mieres warns.