Skip to main content

Complete Zeus Trojan Source Code Leaked

Bad news for your inbox and antivirus software: the Internet now has free access to the ZeuS trojan source code (aka Wsnpoem/Zbot). This means anyone can alter the files, compile them together and launch their own tailor-made malware attack without shelling out a single dime.

The news arrives just after Danish security firm CSIS discovered that the ZeuS source code was being sold on at least two "dark market" forums. Now it's clear that the malware has been bought and thrown out into the wild for all potential attackers to enjoy.

"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," the company said in a blog. "We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm."

"We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks," the company added.

As if to bolster the discovery, an additional report indicated that ZeuS was beginning to appear as a fake Microsoft security update. The malicious spam first surfaced back on May 6 and has quickly increased in numbers. The messages seem to originate directly from Microsoft using the subject line "URGENT: Critical Security Update." The body itself claims that the attached patch will prevent malicious users from gaining access to the recipient's files. Naturally the ZeuS attachment is the very threat the alleged patch is supposed to prevent.

But now with the ZeuS source code available for anyone to use, scams like the Microsoft patch email may explode in numbers. "ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable," CSIS said. "With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today."

Naturally Internet users should never open attachments from unknown sources. Even if the email looks legit and contains a return address to Steve Ballmer's personal address, users should go directly to the source website and verify any possible updates.

  • Boy why do people do this? They need to take there talents and use them in a better fashion.
    Reply
  • Trialsking
    GeneralCleanBoy why do people do this? They need to take there talents and use them in a better fashion.Why do human's do anything in life?
    Because we can.
    Reply
  • milktea
    Please provide link to source code... anyone? :D
    Reply
  • bison88
    Email is dead and spam pretty much killed it long ago before Maleware became a major issue. This is why most people have one serious email and a couple spam accounts for sites they don't trust. Only use email to check on my order status from Amazon, Newegg, or others. That's about all it's good for.
    Reply
  • I accidentally found the link...
    http://www.megaupload.com/?d=VJEJVL1Y
    Could someone confirmed that this is the real Zeus Bot?
    Reply
  • mosu
    Yes, this is it
    Reply
  • upgrade_1977
    Well, it's bad because anyone can get there hands on it now, but it's good that it's released to the public so now antivirus companies should be able to write better code to identify it and eliminate it because now they understand the foundation of the code...right?
    Reply
  • kilo_17
    Great. Just great.
    Reply
  • hoofhearted
    MS Security Essentials prevented from downloading this, while on another XP computer with AVG free, I was able to download with no warnings, however, I ran a scan then AVG picked it up.
    Reply
  • rohitbaran
    ^ Well, someone should take care of these spammers on Toms.
    Reply