Slashdot Mirror


Zeus Crimeware Kit Source Code Leaked

Trailrunner7 writes "The source code to the infamous Zeus crimeware kit, which has been sold on underground forums for years, has been leaked and is now available for anyone to see if they know where to look. Security researchers over the weekend noticed that files appearing to contain the source code for the Zeus crimeware kit were starting to pop up on various forums frequented by attackers and cyber-criminals. The Zeus exploit kit is perhaps the most well-known kit of its kind right now, and has been used by a variety of attackers for numerous malware campaigns and targeted attacks."

17 of 121 comments

  1. This story is useless by roman_mir · · Score: 3, Informative

    This story is useless without the actual source code attached to it.

    1. Re:This story is useless by Anonymous Coward · · Score: 5, Informative

      http://www.thehackernews.com/2011/05/finally-source-code-of-zeus-crimeware.html

      You're welcome.

    2. Re:This story is useless by thijsh · · Score: 2

      Thank you very much! The RAR archive (9.2Mb, password 'zeus') contains the Zeus source code alright (almost 60 KLOC of C++ and PHP with 10 KLOC of Russian comments). Interesting to see how the different parts work, I hope someone does an English translation for all non-Russian-speaking security researchers...

  2. Both good and bad news... by Manip · · Score: 3, Insightful

    This news is good for the security researchers and anti-virus companies to a certain degree, but bad for the rest of us. Zeus is extremely well written and extendible. Now "everyone" has access to it.

    The ironic part about charging people for access was that it kept the number of criminals with access to the world's best crimeware kit down, and now the floodgates have opened.

    1. Re:Both good and bad news... by x*yy*x · · Score: 4, Funny

      But isn't open source a good thing? Now everyone can improve it and so on..

    2. Re:Both good and bad news... by Anonymous Coward · · Score: 2, Funny

      My company is on it...after a year through our processes, zeus will be so broken and useless no one will want to use it.

  3. Success! by binarylarry · · Score: 2, Insightful

    Chalk up another victory for Open Source!

    Err wait...

    --
    Mod me down, my New Earth Global Warmingist friends!
    1. Re:Success! by rednip · · Score: 4, Funny

      But it's not open source, it's pirated code. The copyright holders should sue!

      --
      The force that blew the Big Bang continues to accelerate.
  4. Cool, now maybe we can get a Linux port by halfdan the black · · Score: 5, Funny

    Why do Windows users get all kinds of great software like this, now with the source, maybe we can finally get some really great malware for Linux.

    1. Re:Cool, now maybe we can get a Linux port by jimicus · · Score: 3, Interesting

      Meh. Like any security model, it's only good if it gets used properly in the real world.

      Windows has a perfectly good security model, it's only when exposed to real-world use it falls over horribly. Make it too complex and people will do everything in their power to undermine it.

    2. Re:Cool, now maybe we can get a Linux port by VortexCortex · · Score: 3, Insightful

      Why do Windows users get all kinds of great software like this, now with the source, maybe we can finally get some really great malware for Linux.

      You jest, but your joke is confused. A "Linux port" would mean that users of Linux would be able to use the attack toolkit -- not that they would suddenly become susceptible to the Windows exploit vectors.

      Thus a port wouldn't enable us to create malware targeting Linux any more than a Windows port of GCC suddenly makes MS Visual Studio better.

  5. PWS-Zbot.gen.ds trojan detected by doperative · · Score: 5, Funny

    Says "PWS-Zbot.gen.ds trojan detected" here ...

    1. Re:PWS-Zbot.gen.ds trojan detected by Anonymous Coward · · Score: 3, Funny

      Duh.

    2. Re:PWS-Zbot.gen.ds trojan detected by TypoNAM · · Score: 2

      Yep, ClamWin reported this:

      F:\zeus\ZeuS 2.0.8.9\output\builder\zsb.exe: Trojan.Spy.Zbot-142 FOUND
      F:\zeus\ZeuS 2.0.8.9\output\client32.bin: Trojan.Spy.Zbot-142 FOUND


      ----------- SCAN SUMMARY -----------
      Known viruses: 950447
      Engine version: 0.97
      Scanned directories: 49
      Scanned files: 436
      Infected files: 2

      Data scanned: 36.92 MB
      Data read: 34.83 MB (ratio 1.06:1)
      Time: 15.219 sec (0 m 15 s)

      So, basically the zeus.rar archive contains a few precompiled executables that I assume were created with the provided source code and antivirus vendors already have the signatures for it.

      --
      This space is not for rent.
    3. Re:PWS-Zbot.gen.ds trojan detected by snemarch · · Score: 2

      +5 insightful. Or funny? Can't decide.

      --
      Coffee-driven development.
  6. jam3s? by Anonymous Coward · · Score: 3, Interesting

    Doing a little forensics on the solutions file for the Visual Studio project, we can see that the username the hacker uses on his Windows box is "jam3s". There are several strings in the solutions file that reference this username:

    C : \ U s e r s \ j a m 3 s \ D e s k t o p \ Z e u s \
    C : \ U s e r s \ j a m 3 s \ D e s k t o p \ Z e u s \ s o u r c e \ c l i e n t \ c o r e . c p p

    I've seen this handle before in a lot of other malware designed to steal logon credentials and financial data.
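
The kind of string extraction described in the comment above, as an added example that is not part of the original comment or of the leaked project: it scans a binary build artifact for UTF-16LE and ASCII runs and counts the Windows profile names found in embedded paths. The UTF-16LE encoding is an assumption based on the spaced-out rendering of the quoted paths; the sample bytes and the `builduser` name are constructed.

```python
import re
from collections import Counter

# Printable ASCII stored as UTF-16LE: every character byte is followed by 0x00.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# Plain single-byte runs, for text artifacts such as project or map files.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
# Profile directories on Windows XP ("Documents and Settings") and Vista+ ("Users").
PROFILE = re.compile(
    r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\/:*?"<>|]+)\\', re.I
)


def extract_strings(blob: bytes) -> list:
    """Return printable strings in blob, decoding both UTF-16LE and ASCII runs."""
    found = [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]
    found += [m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)]
    return found


def profile_users(blob: bytes) -> Counter:
    """Count user names that appear in profile paths embedded in blob."""
    users = Counter()
    for text in extract_strings(blob):
        for match in PROFILE.finditer(text):
            users[match.group(1)] += 1
    return users


# Constructed sample: binary padding around the two paths quoted in the comment
# (as UTF-16LE) plus one ASCII path for a made-up second account.
SAMPLE = (
    b"\x00\x01\x02\x03"
    + "C:\\Users\\jam3s\\Desktop\\Zeus\\".encode("utf-16-le")
    + b"\x00\x00\xff\xfe\x03"
    + "C:\\Users\\jam3s\\Desktop\\Zeus\\source\\client\\core.cpp".encode("utf-16-le")
    + b"\x00\x00\x07"
    + b"D:\\Documents and Settings\\builduser\\proj\\x.obj\x00"
)

if __name__ == "__main__":
    for user, hits in profile_users(SAMPLE).most_common():
        print(f"{user}: {hits} path(s)")
```

Build paths like these are the reason release pipelines commonly strip or exclude per-user files before anything is published.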

    1. Re:jam3s? by _0xd0ad · · Score: 2

      He can't read your comment - for some reason his firewall isn't letting him load this page anymore. Something about malware.