The source code to the Zeus Trojan, a notorious piece of bank-account-stealing malware previously sold in underground cybercrime markets, is now out in the open and available for free download.
"This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels," Peter Kruse from the security firm CSIS wrote.
The Zeus code is being distributed in a .zip file; Kruse ran it in his lab, and said, "It works like a charm."
The history of Zeus
Security researchers and law enforcement officials have had Zeus on their radars since last year; in September, 48 people in the U.S. and Eastern Europe were charged with deploying Zeus to infect PCs and steal nearly $9.5 million from British banks.
Long available in cybercrime markets, Zeus usually costs about $5,000, Dennis Fisher of the security firm Kaspersky Lab wrote.
That its source code can now be downloaded for free means it will undoubtedly get into more hands, and cybercriminals may be able to create new, more complex variants of it aimed at taking down new targets.
The future of Zeus
"With the source code out there, people can improve it, expand on it, use components of it in new malware — you can even imagine an open source project developing around it," Kevin McNamee, security architect at the identity theft protection firm Kindsight, told SecurityNewsDaily.
Particularly dangerous, McNamee said, is the fact that cybercriminals are going to begin not only experimenting with Zeus, but also "aggressively repackaging" it to avoid detection by antivirus software.
McNamee told SecurityNewsDaily that he also expects online thieves to leverage the source code to target other forms of ecommerce, including online retailers like Amazon and eBay.
How to stay safe
Because the Zeus Trojan is designed, in its original form, to steal your online banking credentials, McNamee recommends you know the ins and outs of your bank's online platform.
"Be familiar with the way your bank website appears," McNamee said. "Read the security page of your bank. If you're doing online banking, you owe it to yourself to become familiar with the way your online banking works."
For example, most banks encrypt their connections with HTTPS, which means when you visit your bank's website, the HTTPS in the browser bar will appear in green, with an image of a padlock next to it. If you visit your bank's website and don't see this, don't enter any personal information.
Also, online banking sites will never ask for the PIN used at ATMs. A site infected with Zeus, however, may be manipulated to ask you to input your PIN. It's important to know exactly what details your bank requires, and if you see anything fishy, log off immediately.
And as always, McNamee urges people to install antivirus software and firewalls on their computers, and make sure their software is up to date.