Security Concerns Surge As Zeus Trojan Horse Becomes Free Online

Jay Decenella, IT audit expert
May 15, 2011

Financial institutions are being warned to shore up their online security measures now that the source code of “the most pervasive” banking Trojan horse ever created is free for hackers to use.

Peter Kruse, a security researcher with CSIS, revealed in a post on the security firm’s Web site that his team found the complete source code for the Zeus Trojan horse being distributed publicly across dark market forums as well as through other channels.

The announcement comes in the wake of the discovery of recent Trojan attacks launched by hackers against financial institutions in North America using “Sunspot”, an elusive Trojan horse that infects computers the way Zeus and SpyEye do.

The in-browser web security specialist Trusteer claimed last week that Sunspot has caused major financial losses at North American banks, with SpyEye and Zeus-like infection rates and an ability to evade detection by the leading anti-virus programs.

Zeus was first discovered in July 2007 when hackers tried to steal information from the United States Department of Transportation. It steals banking information by keystroke logging and capturing web form data within various browsers.

In its lab, the CSIS team compiled a number of addresses where the crime kit is being leaked as a compressed zip archive.

“It works like a charm,” said Kruse.

The security researcher confirmed “that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks.”

According to Kruse, the Trojan horse is considered one of the most “pervasive banking Trojan in the global threat landscape”; he warned that with the leak of its source code, Zeus will become more widespread and “an even bigger threat than it already is today.”

In June 2009, security firm Prevx spotted a compromise of over 74,000 FTP accounts on the Web sites of Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.

It was reported earlier that Zeus’s creator, Slavik, left his malware-writing activities and turned over the Trojan’s source code to Gribodemon, the creator of rival banking Trojan SpyEye.

In January, observers were taken aback by an announcement posted by someone other than Gribodemon, saying that the Zeus source code could already be purchased.

In February this year, the Trojan horse was sold for $100,000, and its price fell to $5,000 in the following weeks. Last month, its source code was detected on BitTorrent, being freely shared with anybody who uses the Web site.

 
