Members
Stats
  • Total Posts: 28513
  • Total Topics: 8240
  • Online Today: 816
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Zeus Trojan - Source code available for Free in underground Forums  (Read 11201 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
 

Source code for the latest version of the ZeuS crimeware kit has been leaked on the internet, giving anyone who knows where to look free access to a potent set of malware-generation tools that normally sell for as much as $10,000.

Complete source code is available in at least three different locations, ensuring that it is now permanently available to the masses, Peter Kruse, a researcher with Danish firm CSIS Security, told The Reg. While the release could erode the paid market for the DIY malware kit, it could also spawn entire new kits that clone the existing code and build new features or services on top of it.

“The source code has until now been shared in very closed communities or bought by criminals with significant funds,” Kruse wrote in an email. “With the release of the entire code it's obvious we will see new versions/rebrands or improvements in general. If this grows outside of the established underground ecosystem it could have a significant impact.”

Selling in the criminal underground for anywhere from $2,000 to $10,000, ZeuS is best known as a tool for developing customized trojans that send victims' banking credentials to servers under control of the attacker. Premium versions include technical support and advanced features, such as the ability to bypass two-factor authentication offered by some financial institutions. Although there are rival crimekits such as one dubbed Eleonore, ZeuS is considered one of the most powerful and widely used of them.

But over the past year, ZeuS has undergone a fair amount of upheaval. In September, security researcher Billy Rios disclosed a serious vulnerability in ZeuS that allows whitehats and blackhats alike to seize control of botnets built using the crimekit. Around the same time, authorities in the UK, US and Eastern Europe accused dozens of individuals of laundering millions of dollars siphoned out of ZeuS-compromised bank accounts.

More recently, researchers have found evidence that the ZeuS code base has been merged with a separate crimekit known as SpyEye. And in March, CSIS's Kruse discovered ZeuS source code for sale in underground forums: http://www.theregister.co.uk/2011/03/23/zeus_source_code_sale/

The general release of the ZeuS source code makes it all but certain that no one will pay money for the standalone version of the program, at least until its creators add must-have features to it that aren't available now. It's not clear who released the code or why.

ZeuS's growing pains resemble in many ways the challenges legitimate software packages experience as they grow in popularity.

“I do like the fact that as these crimeware softwares become more mature, the developers and maintainer will start to face the same challenges as traditional software – security patches, piracy, protecting IP, feature requests, even PR,” said Rios, who is a former security researcher for Microsoft. “I find this funny having spent some of my life worrying about the same issues as a proper security/software engineer.”

(ElReg)


FYI, if you have problems with Zeus (ZBot, ZeusBot or WSNPoem) here is a latest Removal Tool from BitDefender: http://scforum.info/index.php/topic,4536.0.html




Samker's Computer Forum - SCforum.info





neerajrawat1

  • SCF VIP Member
  • *****
  • Posts: 234
  • KARMA: 36
  • Gender: Male
  • We believe in sharing is caring
    • Experts Galaxy
yup just downloaded it will see tomarrow what exactly does it contain?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
yup just downloaded it will see tomarrow what exactly does it contain?

...N., just be careful. ;)


jheysen

  • SCF Global Moderator
  • *****
  • Posts: 753
  • KARMA: 100
  • Gender: Male
N... I sincerely don't know what will you find.. but I strongly propose you to analyze it in a testing environment or Virtual Machine, so you minimize the risks of getting infected with it.
Good thing is that if analyzed and used properly, powerful tools for discovering vulnerabilities may be made.

neerajrawat1

  • SCF VIP Member
  • *****
  • Posts: 234
  • KARMA: 36
  • Gender: Male
  • We believe in sharing is caring
    • Experts Galaxy
@Samker & jheysen

yup I dwlded in a test machine

favormm

  • SCF Newbie
  • *
  • Posts: 1
  • KARMA: 0
yup just downloaded it will see tomarrow what exactly does it contain?
Can you send it to me?  I don't know where to download. email:topgiftie@hotmail.com  or topgiftie@gmail.com thanks

neerajrawat1

  • SCF VIP Member
  • *****
  • Posts: 234
  • KARMA: 36
  • Gender: Male
  • We believe in sharing is caring
    • Experts Galaxy
Sorry friend cant send it ,who really need this wont take much time to find it sorry again its against the forum rules Samker posted so just replied else I dont discuss penetration testing stuff here

vishwanath99

  • SCF Member
  • **
  • Posts: 61
  • KARMA: 6
  • Gender: Male
Description: Bot]
Language and IDE programming:
Visual C++ (current version 9.0).
Supported OS: XP/Vista/Seven, as well as 2003/2003R2/2008/2008R2. Included work under Windows x64, but only for 32-x bits processes. Also retained full bot work under active "Terminal Servers" sessions.
Action principle:
Bot is based on intercepting WinAPI, by splicing in ring3 (user mode), by running a copy of its code in each process of the user (without using DLL).
Installation process: the bot is primarily designed to work under Vista/Seven, with enabled UAC, and without the use of local exploits. Therefore the bot is designed to work with minimal privileges ( "Guest"), in this regard the bot is always working within sessions per user (from under which you install the bot.). Bot can be set for each use in the OS, while the bots will not know about eachother. When you run the bot as "LocalSystem" user it will attempt to infect all users in the system.
When you install, bot creates its copy in the user's home directory, this copy is tied to the current user and OS, and cannot be run by another user, or even more OS. The original copy of the same bot (used for installation), will be automatically deleted, regardless of the installation success.

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising