Slashdot Mirror


Zeus Crimeware Kit Source Code Leaked

Trailrunner7 writes "The source code to the infamous Zeus crimeware kit, which has been sold on underground forums for years, has been leaked and is now available for anyone to see if they know where to look. Security researchers over the weekend noticed that files appearing to contain the source code for the Zeus crimeware kit were starting to pop up on various forums frequented by attackers and cyber-criminals. The Zeus exploit kit is perhaps the most well-known kit of its kind right now, and has been used by a variety of attackers for numerous malware campaigns and targeted attacks."

121 comments

  1. This story is useless by roman_mir · · Score: 3, Informative

    This story is useless without the actual source code attached to it.

    1. Re:This story is useless by Anonymous Coward · · Score: 5, Informative

      http://www.thehackernews.com/2011/05/finally-source-code-of-zeus-crimeware.html

      You're welcome.

    2. Re:This story is useless by thijsh · · Score: 2

      Thank you very much! The RAR archive (9.2Mb, password 'zeus') contains the Zeus source code alright (almost 60 KLOC of C++ and PHP with 10 KLOC of Russian comments). Interesting to see how the different parts work, I hope someone does an English translation for all non-Russian-speaking security researchers...

    3. Re:This story is useless by Anonymous Coward · · Score: 0

      Useless? It's more than enough for governments to start allocating massive spending & resources to locking down the internet, imposing mandatory DPI and monitoring everything we do.

    4. Re:This story is useless by Anonymous Coward · · Score: 0

      In America the Department of Immigration and Customs will show up at your house and put a bullet in your head.

      why? for downloading copyrighted material, and downloading something evil.

    5. Re:This story is useless by Anonymous Coward · · Score: 0

      Can I get a refund ?

    6. Re:This story is useless by Anonymous Coward · · Score: 0

      https://twitter.com/#!/search/zeus%20source%20dropbox

    7. Re:This story is useless by X0563511 · · Score: 1

      I find it hilarious that the download links are almost all broken.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    8. Re:This story is useless by HNicolai · · Score: 1

      But this is not the full source... I have uploaded the full source here: http://www.myupload.dk/showfile/908525d7de1.zip/ (can't guarantee how long the link will work).

    9. Re:This story is useless by RockDoctor · · Score: 1

      I hope someone does an English translation for all non-Russian-speaking security researchers...

      I thought you programmer types enjoyed learning new languages.

      (I do speak a little Russian, but nowhere near enough to even consider trying something like this.)

      --
      Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  2. Both good and bad news... by Manip · · Score: 3, Insightful

    This news is good for the security researchers and anti-virus companies to a certain degree, but bad for the rest of us. Zeus is extremely well written and extendible. Now "everyone" has access to it.

    The ironic part about charging people for access was that it kept the number of criminals with access to the world's best crimeware kit down, and now the floodgates have opened.

    1. Re:Both good and bad news... by x*yy*x · · Score: 4, Funny

      But isn't open source a good thing? Now everyone can improve it and so on..

    2. Re:Both good and bad news... by halfEvilTech · · Score: 1

      I see the dawn of a new era for the script kiddies of the dark corners of the interwebs.

      I give it till tomorrow before we see new variants popping up if we are lucky.

    3. Re:Both good and bad news... by Anonymous Coward · · Score: 0

      New? This is basically what's been going on for more than a decade? This is just some more source code to add to the pool.

    4. Re:Both good and bad news... by AHuxley · · Score: 1

      Extendible to Mac and Linux?
      Is this related to the http://www.eweek.com/c/a/Security/Crimeware-Kit-Targeting-Mac-OS-X-Mimics-Zeus-and-Spyeye-Features-642093/
      "develop malware specifically for Mac OS X that uses the same templates as Zeus and Spyeye."
      ie same "idea" or is the code base shared? Thanks

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Both good and bad news... by wall0645 · · Score: 0

      It's only bad for "the rest of us" if by "the rest of us" you mean "Windows users, the vast majority of computer users" because Microsoft will inevitably drag its feet in fixing its vulnerabilities (if it is even able to fix them) even though it now has a direct window into how Windows machines are being attacked.

      I don't know a lot about Zeus, but if it can attack Linux machines, I would imagine the vulnerabilities would be fixed very promptly.

    6. Re:Both good and bad news... by jimicus · · Score: 1

      You know what? I'm not entirely convinced.

      It may lead to stronger heuristics, but I can also see it leading to about a thousand variants, all just different enough to avoid tripping a scanner.

    7. Re:Both good and bad news... by Securityemo · · Score: 1

      Google the term "packer".

      --
      Emotions! In your brain!
    8. Re:Both good and bad news... by Anonymous Coward · · Score: 2, Funny

      My company is on it...after a year through our processes, zeus will be so broken and useless no one will want to use it.

    9. Re:Both good and bad news... by _0xd0ad · · Score: 1

      Packed executable code has to be unpacked at some point before it is executed, and if the virus scanner is actively monitoring processes it can detect it at that point.

    10. Re:Both good and bad news... by JWSmythe · · Score: 1

          Bob, I told you to stay off of Slashdot while you're supposed to be "working". We all know you don't do much of anything, but referencing your coworkers as incompetent slackers really doesn't make you any new friends.

          Now get back to work. You've been doing that "simple" change for 2 months now. Get it done with so we can present it to the customer.

      --
      Serious? Seriousness is well above my pay grade.
    11. Re:Both good and bad news... by JohnRoss1968 · · Score: 1

      I tried that....
      But I can't for the life of me figure out what FUDGE has to do with viruses.

    12. Re:Both good and bad news... by Riceballsan · · Score: 1

      Well theoretically wouldn't that also give microsoft and security vendors a chance to adapt, patch the holes and flaws that allow the kit to work in the first place? Sure it's a huge extra fear since the source code is out and it can adapt to new holes faster, but I'd imagine the ones who were capable of finding and exploiting vulnerabilities were already a threat.

    13. Re:Both good and bad news... by Securityemo · · Score: 1

      I am not a skilled reverser, but I have read about a solution to this problem: waiting out the antivirus sandbox by either doing seemingly harmless things for long enough or burying the malware code inside another executable (code cave, pushing code forwards and recalculating the references, etc.) referencing it from a place in the executable that is guaranteed to execute but after the sandbox timeout. AFAIK no antivirus scans process memory at intervals or otherwise "actively monitors" the memory of processes for malware signatures outside the sandbox virtual machine.

      I've read about solutions that monitor the behaviour (API calls, etc.) of processes while they run, working a bit like SELinux in that regard, though.

      --
      Emotions! In your brain!
    14. Re:Both good and bad news... by kpainter · · Score: 1

      My company is on it...after a year through our processes, zeus will be so broken and useless no one will want to use it.

      So, who do you work for? Apple or Microsoft?

    15. Re:Both good and bad news... by Anonymous Coward · · Score: 0

      Packed code in many packers nowadays is not "packed" but virtualized and obfuscated, with a different seed used each time, it doesn't get unpacked into a plain binary, it doesn't need to (the EP stub will execute the virtualized code rather than unpacking it).

    16. Re:Both good and bad news... by _0xd0ad · · Score: 1

      Which is why virus scanners also monitor processes' behavior. The malicious code has to interact with the real system somehow, no matter how deeply it's virtualized or obfuscated.

    17. Re:Both good and bad news... by Sulphur · · Score: 1

      It's only bad for "the rest of us" if by "the rest of us" you mean "Windows users, the vast majority of computer users" because Microsoft will inevitably drag its feet in fixing its vulnerabilities (if it is even able to fix them) even though it now has a direct window into how Windows machines are being attacked.
       

      That is because it is open source.

    18. Re:Both good and bad news... by wall0645 · · Score: 1

      That is because it is open source.

      I'm not following you.

    19. Re:Both good and bad news... by ae1294 · · Score: 1

      My company is on it...after a year through our processes, zeus will be so broken and useless no one will want to use it.

      A year? WOW we only get three months per project! Where do you work?

    20. Re:Both good and bad news... by Sulphur · · Score: 1

      That is because it is open source.

      I'm not following you.

      Those guys don't like open source, and that might stop them.

    21. Re:Both good and bad news... by Anonymous Coward · · Score: 0

      Packing fudge spreads them.

    22. Re:Both good and bad news... by IllusionalForce · · Score: 0

      This could actually really prove to be useful, since that could open the possibility of a "counter-trojan" infecting all vulnerable computers and getting rid of other Zeus installations, while then proceeding to purge itself.

    23. Re:Both good and bad news... by qpqp · · Score: 1

      Strangely, I had a feeling you were talking about governments when reading your post; I'd be less worried about "traditional" criminals.

    24. Re:Both good and bad news... by eigenstates · · Score: 1

      Are you saying that you keep the product managers and marketing from feature bombing you 3 days from code complete by employing some magical force barrier? DO WANT!

      --
      quis custodiet ipsos custodes
    25. Re:Both good and bad news... by ae1294 · · Score: 1

      Are you saying that you keep the product managers and marketing from feature bombing you 3 days from code complete by employing some magical force barrier? DO WANT!

      No.. they just won't let us leave until it's finished.

  3. Success! by binarylarry · · Score: 2, Insightful

    Chalk up another victory for Open Source!

    Err wait...

    --
    Mod me down, my New Earth Global Warmingist friends!
    1. Re:Success! by rednip · · Score: 4, Funny

      But it's not open source, it's pirated code. The copyright holders should sue!

      --
      The force that blew the Big Bang continues to accelerate.
    2. Re:Success! by Anonymous Coward · · Score: 0

      So if it were based on SCO unix...

    3. Re:Success! by Anonymous Coward · · Score: 0

      Let's GPLv3 it and sue them back!

  4. Cool, now maybe we can get a Linux port by halfdan+the+black · · Score: 5, Funny

    Why do Windows users get all kinds of great software like this, now with the source, maybe we can finally get some really great malware for Linux.

    1. Re:Cool, now maybe we can get a Linux port by drooling-dog · · Score: 1

      With all of the money and PR behind Windows, surely it can't be for the lack of trying.

      Although to be fair I had a Linux box rooted back in 2001, due to some carelessness on my own part. Still have the trojan code, too...

    2. Re:Cool, now maybe we can get a Linux port by bigredradio · · Score: 1

      Dude! Shhhhhhhhhhhhhhhhh!

    3. Re:Cool, now maybe we can get a Linux port by rednip · · Score: 1

      Still have the trojan code, too...

      While it shouldn't be confusing, do you have it running as some sort of 'honey pot', or are you just a bit hoarder?

      One of the things that people often tout about Linux is its strong security model; however, I'll believe it's a true advantage when I even see a majority of system admins avoid the use of root for day to day activities/ process users.

      --
      The force that blew the Big Bang continues to accelerate.
    4. Re:Cool, now maybe we can get a Linux port by jimicus · · Score: 3, Interesting

      Meh. Like any security model, it's only good if it gets used properly in the real world.

      Windows has a perfectly good security model, it's only when exposed to real-world use it falls over horribly. Make it too complex and people will do everything in their power to undermine it.

    5. Re:Cool, now maybe we can get a Linux port by VortexCortex · · Score: 3, Insightful

      Why do Windows users get all kinds of great software like this, now with the source, maybe we can finally get some really great malware for Linux.

      You jest, but your joke is confused. A "Linux port" would mean that users of Linux would be able to use the attack toolkit -- not that they would suddenly become susceptible to the Windows exploit vectors.

      Thus a port wouldn't enable us to create malware targeting Linux any more than a Windows port of GCC suddenly makes MS Visual Studio better.

    6. Re:Cool, now maybe we can get a Linux port by rednip · · Score: 1

      Meh, that was exactly my point.

      --
      The force that blew the Big Bang continues to accelerate.
    7. Re:Cool, now maybe we can get a Linux port by Skapare · · Score: 1

      Windows bug number 1: Users.

      --
      now we need to go OSS in diesel cars
    8. Re:Cool, now maybe we can get a Linux port by Skapare · · Score: 1

      It depends on what parts of it you do the porting on. Where there is a piece of code that attacks some Windows exploit, you have to "port it" so that it attacks some Linux exploit. That's probably harder to do, but not impossible. Create enough incentive (like getting 100 million moms with credit cards to use Linux), and it will be solved in no time.

      --
      now we need to go OSS in diesel cars
    9. Re:Cool, now maybe we can get a Linux port by JWSmythe · · Score: 1

          I can up you on that one. Well, kinda.

          I worked for a company that had "free hosting" servers. They were honestly free for customers that used our payment system. Since anyone could sign up, anyone did. We had all kinds of neat root kits, PHP shells, back doors, and the like installed. I'd sweep on a regular basis looking for them. We were locked down tight enough so they never broke very much of anything. The worst would be someone would exploit something a user installed, which would deface their site. IDS helped a lot there though. :) Once in a great while, I'd find a lingering CGI which would turn out to be a back door listening on a port that wasn't open on our firewall, so all they managed to do was start a back door that no one could access.

          We'd investigate the "intrusion", make any necessary corrections so it wouldn't happen again (block the user and network who uploaded the malicious code, help the customer upgrade their software to current, and remind them that it's not safe to leave ancient packages running). I had a rather nice collection of malicious code. It was all dated, and tagged with incident notes.

          Unfortunately, when I left the company anything related to the company stayed there, so I no longer had my "collection".

          Some people never understood why I kept it. It wasn't ever to use against anyone. It did serve two purposes. The first was, I could show new employees what people would try to do. Most thought such things were theoretical, so I would show them that they really happened. The second was to research methods used by the "bad guys". To effectively defend yourself, you have to be fully aware of their methods and capable of recreating them, and even improving on their attacks so we could stay ahead of them.

          Too many people begin and end their security with "my servers are patched when we put them online" and "I have a firewall". All fine and dandy until you find out that it really wasn't enough.
         

      --
      Serious? Seriousness is well above my pay grade.
    10. Re:Cool, now maybe we can get a Linux port by Anonymous Coward · · Score: 0

      "Windows has a perfectly good security model, it's only when exposed to real-world use it falls over horribly."

      Hard to read your tone here -- are you kidding or serious? If something "falls over horribly" when used then it's not usually considered good except by the most clueless of people.

  5. oblig. by Anonymous Coward · · Score: 0

    So, would that be a variation on security by obscurity?

  6. where is the code? by Anonymous Coward · · Score: 0

    where is the code? where is the code?

    1. Re:where is the code? by Nyder · · Score: 1

      where is the code? where is the code?

      What is google?

      --
      Be seeing you...
    2. Re:where is the code? by HelioWalton · · Score: 1

      ... Baby don't hurt me, don't hurt me, no more!

  7. PWS-Zbot.gen.ds trojan detected by doperative · · Score: 5, Funny

    Says "PWS-Zbot.gen.ds trojan detected" here ...

    1. Re:PWS-Zbot.gen.ds trojan detected by Anonymous Coward · · Score: 3, Funny

      Duh.

    2. Re:PWS-Zbot.gen.ds trojan detected by Anonymous Coward · · Score: 0

      And this is a surprise? It's source code for malware god dammit...

    3. Re:PWS-Zbot.gen.ds trojan detected by TypoNAM · · Score: 2

      Yep, clamwin reported this:

      F:\zeus\ZeuS 2.0.8.9\output\builder\zsb.exe: Trojan.Spy.Zbot-142 FOUND
      F:\zeus\ZeuS 2.0.8.9\output\client32.bin: Trojan.Spy.Zbot-142 FOUND


      ----------- SCAN SUMMARY -----------
      Known viruses: 950447
      Engine version: 0.97
      Scanned directories: 49
      Scanned files: 436
      Infected files: 2

      Data scanned: 36.92 MB
      Data read: 34.83 MB (ratio 1.06:1)
      Time: 15.219 sec (0 m 15 s)

      So, basically the zeus.rar archive contains a few precompiled executables that I assume were created with the provided source code and antivirus vendors already have the signatures for it.

      --
      This space is not for rent.
    4. Re:PWS-Zbot.gen.ds trojan detected by snemarch · · Score: 2

      +5 insightful. Or funny? Can't decide.

      --
      Coffee-driven development.
    5. Re:PWS-Zbot.gen.ds trojan detected by Anonymous Coward · · Score: 0

      This just in: RAR containing source code and precompiled binaries of well-known malware....contains that malware!

    6. Re:PWS-Zbot.gen.ds trojan detected by onepoint · · Score: 1

      Big deal, open the application in a sandbox, take a look at the logs. And as the poster above commented, most likely examples.

      --
      if you see me, smile and say hello.
    7. Re:PWS-Zbot.gen.ds trojan detected by SydShamino · · Score: 1

      Well, no reason to bother with an MD5 for this download; you know it's what it says it is...

      --
      It doesn't hurt to be nice.
    8. Re:PWS-Zbot.gen.ds trojan detected by Anonymous Coward · · Score: 0

      Really? And trust the sandbox to catch everything/log it, and trust the exe not to have anything else in there?

      I really don't know why people bother with all this MS-based virus-infected crap when they can run debian/ubuntu/mint and have 25000+ tested, verified apps from a trustworthy source.

    9. Re:PWS-Zbot.gen.ds trojan detected by Desler · · Score: 1

      I really don't know why people bother with all this MS-based virus-infected crap when they can run debian/ubuntu/mint and have 25000+ tested, verified apps from a trustworthy source.

      Like OpenSSL and UnrealIRCD?

    10. Re:PWS-Zbot.gen.ds trojan detected by justinius23 · · Score: 1

      you're kidding!

  8. Fixing holes by Anonymous Coward · · Score: 0

    Wait, doesn't this mean that security systems maintainers can/will be forced to begin filling whatever loopholes Zeus is exploiting? Or does it exploit "unsolvable" issues?

  9. Wonder if the devs of zeus... by Nyder · · Score: 1

    ... are going to sue any one for leaking their code?

    =)

    --
    Be seeing you...
    1. Re:Wonder if the devs of zeus... by Anonymous Coward · · Score: 0, Offtopic

      it is a subject field, not a beginning of your post field

    2. Re:Wonder if the devs of zeus... by Anonymous Coward · · Score: 0

      Hmm, ... are you certain of that?

    3. Re:Wonder if the devs of zeus... by Anonymous Coward · · Score: 0

      Since you're obviously thick I'll spell it out for you. Combine the title of the post with the body of the post and consider the ellipsis (...) in the title as an indicator that the title continues into the body of the post, and the ellipsis in the body as the point where the title is continued.

      [I] Wonder if the devs of zeus are going to sue any one for leaking their code?

      So you can now hopefully see that the OP was not suggesting that ellipsis is going to sue, but that Zeus might consider suing. And before that further confuses you, it was a question asked tongue-in-cheek, you moron.

    4. Re:Wonder if the devs of zeus... by _0xd0ad · · Score: 1

      If you're as pedantic as GP, that's still not a question.

      "I wonder if the devs of zeus are going to sue anyone for leaking their code."

  10. Mod up by DJLuc1d · · Score: 1

    Wish I had mod points.... never when you need them.

  11. dark side speaking russian translation-jedi needed by Anonymous Coward · · Score: 0

    all the comments are in russian :(
    up to now, i did not notice that the dark side was mainly speaking russian because i could never hear darth vader's voice through his helmet clearly.

  12. jam3s? by Anonymous Coward · · Score: 3, Interesting

    Doing a little forensics on the solutions file for the visual studio project, we can see that the username the hacker uses on his Windows box is "jam3s". There are several strings in the solutions file that reference this username:

    C : \ U s e r s \ j a m 3 s \ D e s k t o p \ Z e u s \
    C : \ U s e r s \ j a m 3 s \ D e s k t o p \ Z e u s \ s o u r c e \ c l i e n t \ c o r e . c p p

    I've seen this handle before in a lot of other malware designed to steal logon credentials and financial data.
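The spaced-out paths quoted in the comment above are consistent with UTF-16LE text, where every ASCII character is followed by a zero byte. The following is an added example, not code from the thread or from the leaked project: a check you can run over your own binary project or build files before publishing them, to see which account names they leak through embedded profile paths. The sample bytes and the names `builduser` and `ci-agent` are constructed.

```python
import re
from collections import defaultdict

# Printable ASCII stored as UTF-16LE (each character followed by 0x00) and
# plain single-byte runs. Binary IDE state files commonly contain both.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")

# Windows profile roots embed the account name as the next path component.
PROFILE_PATH = re.compile(
    r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\/:*?"<>|]+)\\[^:*?"<>|]*'
)


def printable_strings(blob):
    """Yield (offset, encoding, text) for every printable run in blob."""
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")


def find_profile_paths(blob):
    """Map each leaked account name to the sorted profile paths naming it."""
    hits = defaultdict(set)
    for _offset, _encoding, text in printable_strings(blob):
        for m in PROFILE_PATH.finditer(text):
            hits[m.group(1)].add(m.group(0))
    return {user: sorted(paths) for user, paths in hits.items()}


# Constructed sample: a fake binary header, two UTF-16LE paths, one ASCII
# setting without a profile path, and one ASCII path under an old-style root.
U1 = "C:\\Users\\builduser\\Desktop\\proj\\"
U2 = "C:\\Users\\builduser\\Desktop\\proj\\source\\client\\core.cpp"
A1 = b"OutputPath=D:\\build\\out\\"
A2 = b"C:\\Documents and Settings\\ci-agent\\work\\app.pdb"
SAMPLE = (
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16
    + U1.encode("utf-16-le") + b"\x00\x00\x07\x00"
    + U2.encode("utf-16-le") + b"\xff\xff"
    + A1 + b"\x00" + A2 + b"\x00"
)

if __name__ == "__main__":
    for user, paths in find_profile_paths(SAMPLE).items():
        print(user)
        for path in paths:
            print("   ", path)
```

A plain `strings` pass with default settings looks only for single-byte text, which is why the UTF-16LE run is handled separately here.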

    1. Re:jam3s? by Anonymous Coward · · Score: 0

      This guy is not 1337 enough, it should be j4m35.

    2. Re:jam3s? by Anonymous Coward · · Score: 0

      don't you mean j4|\/|35
      or is it j4|\\/|35,
      or j4\|\\/\|35
      shit i forget

    3. Re:jam3s? by _0xd0ad · · Score: 1

      C : \ U s e r s \ j 4 | \ / | 3 5 \ D e s k t o p \ Z e u s \ ... yeah, no. | \ / are illegal/reserved characters in a Windows pathname...

    4. Re:jam3s? by Anonymous Coward · · Score: 0

      Kill yourself.

    5. Re:jam3s? by _0xd0ad · · Score: 2

      He can't read your comment - for some reason his firewall isn't letting him load this page anymore. Something about malware.

    6. Re:jam3s? by datapharmer · · Score: 0

      hahahahaha. At least someone here has a sense of humor. I guess everyone else is scratching their heads and muttering "but that won't work..."

      --
      Get a web developer
    7. Re:jam3s? by Anonymous Coward · · Score: 1

      funny... there's a jam3s on twitter who appears to be an intern at Intel in the UK. but surely that must just be a coincidence.

    8. Re:jam3s? by Anonymous Coward · · Score: 1

      I think it might be this guy:

      http://www.jam3s.net/

      "Computers ~
      I have a passion for computers and I learned about many different aspects of computers in terms of dialup service, networking, software, anti-virus / malware, website design, databases, servers, etc. I am always learning stuff with computers as computers are ever-changing. I have designed a few websites for different nonprofit organizations and companies. Microsoft sadly is my least favorite software company, however at the same time it is my favorite company. Most of their software is great by some of the features do not work well with others. Also, I think that a lot of their software is released in the Beta stage (too early)."

    9. Re:jam3s? by Anonymous Coward · · Score: 0

      funny... there's a jam3s on twitter who appears to be an intern at Intel in the UK. but surely that must just be a coincidence.

      and there's a picture of him camping:
      http://yfrog.com/h4lltkrj

    10. Re:jam3s? by Sulphur · · Score: 1

      He can't read your comment - for some reason his firewall isn't letting him load this page anymore. Something about malware.

      Maybe if he goes to the right place, then the malware will infect him with the source.

      --

      Luke use the souce.

    11. Re:jam3s? by A+Friendly+Troll · · Score: 1

      Doing a little forensics on the solutions file for the visual studio project, we can see that the username the hacker uses on his Windows box is "jam3s". There are several strings in the solutions file that reference this username:

      So, are we dealing with jamtrees that jam some sweet jazz music, or are those trees that produce jam (and if so, which flavour)?

    12. Re:jam3s? by Anonymous Coward · · Score: 0

      Mayhaps it's this guy? "I have a passion for computers and I learned about many different aspects of computers in terms of dialup service, networking, software, anti-virus / malware, website design, databases, servers, etc."

      http://www.jam3s.net/about-me

    13. Re:jam3s? by Anonymous Coward · · Score: 0

      funny... there's a jam3s on twitter who appears to be an intern at Intel in the UK. but surely that must just be a coincidence.

      That would be myself (found this article via hit refers to my site) and it is just a coincidence. Just an average IT guy

  13. The damn 'subject field' by countertrolling · · Score: 0

    is anything we want it to be... What are you? the format police?

    Go back to Hollywood, and complain about Madonna's dress, or lack thereof...

    --
    For justice, we must go to Don Corleone
    1. Re:The damn 'subject field' by JohnRoss1968 · · Score: 1

      PLEASE DO NOT FEED THE TROLL

  14. Yeah... by Anonymous Coward · · Score: 0

    Yeah, just make this as public as possible, why don'tcha?
    Really?

    1. Re:Yeah... by Anonymous Coward · · Score: 1

      Dude, the executable is essentially public. It's malware; it literally wants to spread. I could go to any of the dozen PC's currently in our "compromised" VLAN and pull off the Zeus binary.

      Now, I have access to the source code too. I have access to information, I can use that to build understanding. That will only make my job of keeping the malware off our systems easier, ... because the binary is already frickin' everywhere.

  15. How is babby formed? by sstamps · · Score: 1

    How is babby formed?

    --
    -SS "Teach the ignorant, care for the dumb, and punish the stupid."
  16. I just have to ask.... by Anonymous Coward · · Score: 0

    was wikileaks involved??????

  17. Just wondering by indecks · · Score: 1

    What is the Zeus Crimeware Kit? I'm assuming it's something to help write viruses? I really don't know.

    Seriously, I don't know what it is.

    1. Re:Just wondering by Anonymous Coward · · Score: 0

      click this lazy:
      http://www.google.com/search?q=+Zeus+Crimeware+Kit

    2. Re:Just wondering by indecks · · Score: 1

      Thanks, but that doesn't tell me what it is, it just brings up news links to it being released - which I'm aware of because I read this post.

    3. Re:Just wondering by AHuxley · · Score: 1

      try http://www.eweek.com/c/a/Security/Crimeware-Kit-Targeting-Mac-OS-X-Mimics-Zeus-and-Spyeye-Features-642093/
      Could offer options like: "The kit supports Web injects and form grabbing in Firefox. The templates used are identical to the ones used in Zeus and Spyeye, according to Kruse. The forms seamlessly inject fraudulent fields into legitimate Websites that are intended to trick users into entering additional sensitive information. When the data is entered, it is automatically transmitted back to the malicious owner."

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Just wondering by JohnRoss1968 · · Score: 1

      OK I will explain.
      Since the rise of modern religions like Christianity and Judaism, The Gods of the older religions, such as the Norse Gods and the Greek Gods have gotten left behind.
      With nothing to do some of them have taken up hobbies.
      Hestia has her own show on the Food network. Good recipes btw, although she tends to overuse the Greek yogurt too much for my tastes.
      Aphrodite started a marriage consoling service with Hera.
      Poseidon opened up a water park, the rides were great but it was shut down due to legal actions over the name Poseidon's Adventure Water Park.
      Hermes has his own line of sneakers out with Nike.
      Apollo started hanging out with the Hollywood types. He was last seen hanging out with Charlie Sheen and some porn stars. I bet he ends up in a rehab before the year's end.
      And Zeus, as you probably have guessed by now, fights crime in his spare time. He got the idea of a Crime-ware kit from Batman. He does not have a costume, as he claims the tights chafed too much.
      I hope that helps, If not here are a few links that may explain better than I did.

      http://tinyurl.com/5r2ke8e
      http://tinyurl.com/4x2waph

    5. Re:Just wondering by DMUTPeregrine · · Score: 1

      It's a kit to assemble credit-card stealing keylogger worms. Select the exploits to use, select the payloads, tell it where to send the data, what your command and control servers are, compile, and steal data.

      --
      Not a sentence!
    6. Re:Just wondering by Anonymous Coward · · Score: 0

      Nice malware links. TinyURL my crime-fearing-ass.

      (Srsly, why the hell would you use URL shortening when not using that service for twits (nevermind why would you use that in the first place)?)

    7. Re:Just wondering by lonelytrail · · Score: 1
    8. Re:Just wondering by Anonymous Coward · · Score: 0

      http://en.wikipedia.org/wiki/Zeus_botnet

      This?

  18. it was on the news this morning by Anonymous Coward · · Score: 0

    a mother in AR

  19. freenet by Anonymous Coward · · Score: 0

    Saw this in the 'leak' board on FMS

    CHK@V7zSetO6-h3DjEV59J4H7TBltII7t4-KqEg9zuFS3RM,Nez8p8nmxsDQf8UXE4p1mKFSwwAJX0h4c6iSifA0bjw,AAIC--8/ZeuS.2.0.8.9-source-code__password-is-zeus.rar

    Don't feel like fetching it though.

  20. plagiarism by Anonymous Coward · · Score: 0

    He copied quicksort from http://www.gentee.com/source/src/algorithm/qsort_c.htm without acknowledging.

  21. Ctrl+p by Anonymous Coward · · Score: 0

    So, now I have something interesting to read before I go to bed.

  22. I will admit ignorance by Anonymous Coward · · Score: 0

    but I know pretty much nothing about the Zeus toolkit other than seeing slashdotters talk about how great and famous it is. I know that this is going to sound trollish, but wouldn't such a powerful piece of software normally have a wikipedia page at least? It has nothing...

  23. Tracking down the author for fun and profit by Anonymous Coward · · Score: 0

    Slashdotters now have the author's fingerprints and now some chance of tracking him down. After all developers who write decent quality code are hard to find and HR might offer a finders fee :-)

    1. Re:Tracking down the author for fun and profit by _0xd0ad · · Score: 1

      I looked at that, and the first thing I noticed was where he puts two constructs in one line, like so:

      for (;;) if()
      {
      }

      Well shit... I do that. Isn't it obvious? There's only one block of statements; it will execute for each item in the list if the condition is true for that item. Why waste an extra level of indentation?

  24. But who would let it out by Stu101 · · Score: 1

    Thinking about this over dinner, I came to a thought about HOW this got put into general availability.

    This crimeware kit is like $10,000 a go. If I were the developer, I would be very careful about where copies go and security on the local machine. So either this guy, or his backups got hacked, or the other potential way it got out is through a trusted client or similar.

    It would be sweet irony if the malware developer got pawned by another piece of malware, but I guess we will never know.

    --
    http://www.writeitfor.us - Writing IT for the IT generation.
    1. Re:But who would let it out by Anonymous Coward · · Score: 0

      "pawned"?

    2. Re:But who would let it out by Anonymous Coward · · Score: 0

      Lesson to learn: don't piss off the guy that taught you how to code.

  25. Google Translate: That Someone Is You by cmholm · · Score: 1

    There are several different ways to have Google Translate do the heavy lifting for you. I'll bet that the machine translation will be good enough for you to get the gist of the message.

    --
    Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
  26. Missing The Point: GP Wants To Run Code by cmholm · · Score: 1

    I think the gp poster may have been interested in *running* the code, ergo Ubuntu in itself ain't gonna help. However, a sandbox to play in running *within* Ubuntu, that would give me a warm fuzzy... unless Zeus is known to try to climb out of VMs.

    --
    Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
  27. KAV source by luk3Z · · Score: 0

    We have Kaspersky AV 8 source also :)

    --
    Recipes for USA bankrupt - http://tinypaste.com/0d66f dd = dollar deluge (printed in the infinity)
  28. Wind0ws is the biggest trojan by Anonymous Coward · · Score: 0

    People forget that Windows OS is the biggest and most spread trojan [bot] and the funniest thing is that people install it themselves

  29. Stuxnet.an nuclear worm hit Japan in Fukushima-1! by Anonymous Coward · · Score: 0

    Guess we will never see the Stuxnet combat trojan source code released in a similar leak. Braving the russian Zbot crime thugs, while a manly act in itself, cannot be compared to rising versus the Mossad. Mordechai Vanunu did that in 1986, got 18 years in prison (spent 14 of that in solitary confinement) and the world public simply refused to look at all the proof he disclosed about the zionist A-bomb making factory at Dimona. Everybody is totally afraid of the military, political and financial might of the global jewry, so the world keeps silent!