Zeus Botnet Source Code Leaked to Internet

The source code for one of the worst botnets has been leaked to the internet, according to eWeek. Zeus, also called ZBot, is a trojan that steals banking credentials.

Formerly the botnet was for sale on the underground for about $5,000. But according to the article, the source code is now available for free:

The complete source code for the Zeus malware kit is being freely distributed as a ZIP file on several underground forums, Peter Kruse, a security researcher with Danish security firm CSIS, wrote on the company blog on May 9. Kruse downloaded the ZIP file, compiled the code and confirmed it worked “like a charm.”

Not only can the source code be compiled and run by just about anybody, but specific parts of the trojan could be copied out and reused in a completely different malware program.

For more information, see eWeek.

New Advanced Threats Facing the Financial Sector

Just finished listening to a very good security briefing from the FS-ISAC called “Research Update on Malware and Phishing Webinar”.

Here are some of the top points from the seminar:

Latest Threats

Mobile Zeus – First spotted in September of 2010 and again in February of 2011. It attacks not only the PC but also mobile devices, attempting to intercept the additional authentication step sent to the mobile device that many banks are now using.

Tatanga – Attacks at the TCP level, not HTTP, and basically takes over your browser. It sends all encrypted (SSL) data in plain text to the malware server; the malware server then creates the encrypted tunnel on your behalf and plays man-in-the-middle. It also blocks all the warning messages that would usually pop up in the browser.

They also talked about phishing servers (bad sites that steal your credentials). These malicious servers get up to 80% of their authentication thefts within 5 hours of the server being put online. No wonder they are so hard to take out!

Mobile devices are coming under increased attack and need to be secured. They are vulnerable to exploits just like PCs, and most users do not bother to update the operating system. Also, rooted or jailbroken devices are really starting to become an issue in corporate settings.

The best way to protect against these attacks is to keep both your PCs and mobile devices patched and updated. A little security goes a long way!