Complete Zeus Trojan Source Code Leaked

The ZeuS trojan source code is now floating out in the wild for anyone to use.

Bad news for your inbox and antivirus software: the Internet now has free access to the ZeuS trojan source code (aka Wsnpoem/Zbot). This means anyone can alter the files, compile them together and launch their own tailor-made malware attack without shelling out a single dime.

The news arrives just after Danish security firm CSIS discovered that the ZeuS source code was being sold on at least two "dark market" forums. Now it's clear that the malware has been bought and thrown out into the wild for all potential attackers to enjoy.

"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," the company said in a blog. "We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm."

"We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks," the company added.

As if to bolster the discovery, an additional report indicated that ZeuS was beginning to appear as a fake Microsoft security update. The malicious spam first surfaced back on May 6 and has quickly increased in numbers. The messages seem to originate directly from Microsoft using the subject line "URGENT: Critical Security Update." The body itself claims that the attached patch will prevent malicious users from gaining access to the recipient's files. Naturally the ZeuS attachment is the very threat the alleged patch is supposed to prevent.

But now with the ZeuS source code available for anyone to use, scams like the Microsoft patch email may explode in numbers. "ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable," CSIS said. "With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today."

Naturally, Internet users should never open attachments from unknown sources. Even if the email looks legit and lists Steve Ballmer's personal address as the return address, users should go directly to the source website and verify any possible updates.

26 Comments
  • 13 May 2011 02:31
    Boy why do people do this? They need to take their talents and use them in a better fashion.
  • Trialsking 13 May 2011 02:34
    GeneralClean: "Boy why do people do this? They need to take their talents and use them in a better fashion."
    Why do humans do anything in life?
    Because we can.
  • milktea 13 May 2011 02:44
    Please provide link to source code... anyone? :D
  • bison88 13 May 2011 02:57
    Email is dead and spam pretty much killed it long ago before malware became a major issue. This is why most people have one serious email and a couple spam accounts for sites they don't trust. Only use email to check on my order status from Amazon, Newegg, or others. That's about all it's good for.
  • 13 May 2011 03:00
    I accidentally found the link...
    http://www.megaupload.com/?d=VJEJVL1Y
    Could someone confirm that this is the real Zeus Bot?
  • mosu 13 May 2011 03:04
    Yes, this is it
  • upgrade_1977 13 May 2011 03:17
    Well, it's bad because anyone can get their hands on it now, but it's good that it's released to the public so now antivirus companies should be able to write better code to identify it and eliminate it because now they understand the foundation of the code...right?
  • kilo_17 13 May 2011 03:37
    Great. Just great.
  • hoofhearted 13 May 2011 03:44
    MS Security Essentials prevented from downloading this, while on another XP computer with AVG free, I was able to download with no warnings, however, I ran a scan then AVG picked it up.
  • rohitbaran 13 May 2011 04:56
    ^ Well, someone should take care of these spammers on Toms.