I read that the source code for the financial malware ZeusVM was leaked and it is expected to spur a flurry of new botnets. What are the consequences of financial malware source code like this going public, and is there anything security teams should do when this happens? Could this ultimately be a good thing, since security researchers can now examine the ZeusVM source code?
Cybercriminals often find out that the security of one of their systems has been compromised the same way that enterprises find out: They are notified by a third party. The source code for the infamous Zeus Trojan has been leaked before -- in 2011 -- but in this case, the source code to the financial malware itself was not released. The antimalware group Malware Must Die found a copy of the ZeusVM malware tool being shared on underground forums; the ZeusVM tool, also known as KINS, is used for compiling the malware and building its configurations. Setting up the compiler and configuration tools is often difficult for novice programmers, so a tool like ZeusVM lowers the barrier for beginners to create and deploy financial malware.
It's unclear why the ZeusVM code was leaked or who was behind it, but the Malware Must Die researchers decided to announce that the code was freely available on the Web to raise awareness of the potential threat. There are closed, trusted communities of security professionals for legitimately sharing threat intelligence, malware samples and other analysis of offensive attack data that defenders can use to add detection or prevention measures to security tools. This sharing benefits the security community, but its closed nature is problematic at times. The sharing of the ZeusVM code in underground forums does increase the number of people with access to the financial malware tool, but without the Zeus Trojan source code, it is of little use to them.
ZeusVM appears to be a powerful financial malware tool that makes it easier to operate the full lifecycle of the malware, but it does not fundamentally change the risk from Zeus attacks. Security teams do not need to implement new security controls because of the publication of the ZeusVM or KINS code, but they should monitor Zeus developments to identify whether new exploits or techniques are incorporated into the financial malware.