Complete Zeus Trojan Source Code Leaked

Source: CSIS

Bad news for your inbox and antivirus software: the Internet now has free access to the ZeuS trojan source code (aka Wsnpoem/Zbot). This means anyone can alter the files, compile them together and launch their own tailor-made malware attack without shelling out a single dime.

The news arrives just after Danish security firm CSIS discovered that the ZeuS source code was being sold on at least two "dark market" forums. Now it's clear that the malware has been bought and thrown out into the wild for all potential attackers to enjoy.

"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," the company said in a blog. "We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm."

"We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks," the company added.

As if to bolster the discovery, an additional report indicated that ZeuS was beginning to appear as a fake Microsoft security update. The malicious spam first surfaced back on May 6 and has quickly increased in numbers. The messages seem to originate directly from Microsoft using the subject line "URGENT: Critical Security Update." The body itself claims that the attached patch will prevent malicious users from gaining access to the recipient's files. Naturally the ZeuS attachment is the very threat the alleged patch is supposed to prevent.

But now with the ZeuS source code available for anyone to use, scams like the Microsoft patch email may explode in numbers. "ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable," CSIS said. "With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today."

Naturally, Internet users should never open attachments from unknown sources. Even if the email looks legitimate and shows Steve Ballmer's personal address as the return address, users should go directly to the source website to verify any possible updates.

Discuss
  • 3 Hide
    otacon72 , May 12, 2011 7:31 PM
    If you install any attachment in any email you're a freakin idiot and deserve anything you get.
  • 1 Hide
    Anonymous , May 12, 2011 7:31 PM
    Boy, why do people do this? They need to take their talents and use them in a better fashion.
  • 5 Hide
    Trialsking , May 12, 2011 7:34 PM
    GeneralClean: Boy, why do people do this? They need to take their talents and use them in a better fashion.

    Why do humans do anything in life?
    Because we can.
  • 3 Hide
    milktea , May 12, 2011 7:44 PM
    Please provide link to source code... anyone? :D 
  • 1 Hide
    bison88 , May 12, 2011 7:57 PM
    Email is dead and spam pretty much killed it long ago, before malware became a major issue. This is why most people have one serious email and a couple spam accounts for sites they don't trust. Only use email to check on my order status from Amazon, Newegg, or others. That's about all it's good for.
  • 1 Hide
    Anonymous , May 12, 2011 8:00 PM
    I accidentally found the link...
    http://www.megaupload.com/?d=VJEJVL1Y
    Could someone confirm that this is the real Zeus Bot?
  • 1 Hide
    mosu , May 12, 2011 8:04 PM
    Yes, this is it
  • 0 Hide
    otacon72 , May 12, 2011 8:07 PM
    bison88: Email is dead and spam pretty much killed it long ago, before malware became a major issue. This is why most people have one serious email and a couple spam accounts for sites they don't trust. Only use email to check on my order status from Amazon, Newegg, or others. That's about all it's good for.


    Or you buy your own domain like I did. I never get spam on it because I control what comes through.
  • 1 Hide
    upgrade_1977 , May 12, 2011 8:17 PM
    Well, it's bad because anyone can get their hands on it now, but it's good that it's released to the public so now antivirus companies should be able to write better code to identify it and eliminate it because now they understand the foundation of the code... right?
  • 0 Hide
    kilo_17 , May 12, 2011 8:37 PM
    Great. Just great.
  • 0 Hide
    hoofhearted , May 12, 2011 8:44 PM
    MS Security Essentials prevented me from downloading this, while on another XP computer with AVG Free I was able to download it with no warnings. However, when I ran a scan, AVG picked it up.
  • 0 Hide
    otacon72 , May 12, 2011 9:44 PM
    hoofhearted: MS Security Essentials prevented me from downloading this, while on another XP computer with AVG Free I was able to download it with no warnings. However, when I ran a scan, AVG picked it up.


    Just to see I tried to download it and Norton wouldn't let it finish.
  • 0 Hide
    rohitbaran , May 12, 2011 9:56 PM
    ^ Well, someone should take care of these spammers on Toms.
  • 0 Hide
    illo , May 12, 2011 10:11 PM
    Toms doesn't care enough to do anything but passively mediate the forums. As for the Zeus news, that's a lot of fun.
  • 0 Hide
    TheWhiteRose000 , May 12, 2011 10:28 PM
    xD

    The fact that someone found and posted the source code here, is hilarious.
  • 1 Hide
    gerchokas , May 12, 2011 11:27 PM
    Lol!

    That link couldn't be more tempting even if it was a big red button with the sign "don't push" just above it.
    Let's see how much you can take, MS Security Essentials...!
  • 0 Hide
    Anonymous , May 13, 2011 12:35 AM
    I want to buy puma slipper woman, but I only have $29.95.
    Talk to me.
  • 0 Hide
    TheCapulet , May 13, 2011 12:53 AM
    bison88: Email is dead and spam pretty much killed it long ago, before malware became a major issue. This is why most people have one serious email and a couple spam accounts for sites they don't trust. Only use email to check on my order status from Amazon, Newegg, or others. That's about all it's good for.

    You must work fast food. For people who have shit to do for a living, email is absolutely essential.
  • 1 Hide
    eddieroolz , May 13, 2011 1:06 AM
    Junk mail filters are pretty good these days to the point that I don't worry too much, but some naive users can definitely be tricked by this.
  • 0 Hide
    bugo30 , May 13, 2011 2:10 AM
    I'm a bit surprised that now that the source code is out, Microsoft hasn't released a real patch to make it useless.