Club Benefits
You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Daily (Mon-Sun)
Tom's Guide Daily
Sign up to get the latest updates on all of your favorite content! From cutting-edge tech news and the hottest streaming buzz to unbeatable deals on the best products and in-depth reviews, we’ve got you covered.
Weekly on Thursday
Tom's AI Guide
Be AI savvy with your weekly newsletter summing up all the biggest AI news you need to know. Plus, analysis from our AI editor and tips on how to use the latest AI tools!
Weekly on Friday
Tom's iGuide
Unlock the vast world of Apple news straight to your inbox. With coverage on everything from exciting product launches to essential software updates, this is your go-to source for the latest updates on all the best Apple content.
Weekly on Monday
Tom's Streaming Guide
Our weekly newsletter is expertly crafted to immerse you in the world of streaming. Stay updated on the latest releases and our top recommendations across your favorite streaming platforms.
Join the club
Get full access to premium articles, exclusive features and a growing list of member rewards.
Bad news for your inbox and antivirus software: the Internet now has free access to the ZeuS trojan source code (aka Wsnpoem/Zbot). This means anyone can alter the files, compile them together and launch their own tailor-made malware attack without shelling out a single dime.
The news arrives just after Danish security firm CSIS discovered that the ZeuS source code was being sold on at least two "dark market" forums. Now it's clear that the malware has been bought and thrown out into the wild for all potential attackers to enjoy.
"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," the company said in a blog. "We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm."
"We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks," the company added.
As if to bolster the discovery, an additional report indicated that ZeuS was beginning to appear as a fake Microsoft security update. The malicious spam first surfaced back on May 6 and has quickly increased in numbers. The messages seem to originate directly from Microsoft using the subject line "URGENT: Critical Security Update." The body itself claims that the attached patch will prevent malicious users from gaining access to the recipient's files. Naturally the ZeuS attachment is the very threat the alleged patch is supposed to prevent.
But now with the ZeuS source code available for anyone to use, scams like the Microsoft patch email may explode in numbers. "ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable," CSIS said. "With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today."
Naturally Internet users should never open attachments from unknown sources. Even if the email looks legit and contains a return address to Steve Ballmer's personal address, users should go directly to the source website and verify any possible updates.
