I read that the source code for the financial malware ZeusVM was leaked and it is expected to spur a flurry of...
new botnets. What are the consequences of financial malware source code like this going public, and is there anything security teams should do when this happens? Could this ultimately be a good thing, since security researchers can now examine the ZeusVM source code?
Cybercriminals often find out when the security of one of their systems was compromised the same way that enterprises find out: They are notified by a third party. The source code for the infamous Zeus Trojan has been leaked before -- in 2011 -- but in this case, the source code to the financial malware was not released. The antimalware group Malware Must Die found a copy of the ZeusVM malware tool being shared on underground forums; the ZeusVM malware tool, also known as KINS, is used for compiling the malware and making configurations. The steps for setting up the compilers and configurations tools are often difficult for novice programmers, so ZeusVM can help beginners create and deploy financial malware like this.
It's unclear why the ZeusVM code was leaked or who was behind, but the Malware Must Die researchers decided to announce that the code was freely available on the Web to raise awareness of the potential threat. There are closed-trusted communities of security professionals for legitimately sharing threat intelligence, malware, or other analysis of offensive attack data that could be used by good guys to add detection or prevention measures to security tools. This sharing benefits the security community, but the closed nature is problematic at times. The sharing of the ZeusVM code in underground forums does increase the number of people with the financial malware tool, but without the Zeus Trojan source code, it's of little use.
The ZeusVM appears to be a powerful financial malware tool that makes it easier to operate the full lifecycle of the malware, but does not fundamentally change the risk from Zeus attacks. Security teams did not implement new security controls because of the publication of the ZeusVM or KINS code. But they should monitor Zeus developments to identify if new exploits or techniques are included in the financial malware.
Discover how to adapt your security program to address emerging threats
Find out if there are bigger threats hiding in click fraud malware
Dig Deeper on Hacker tools and techniques: Underground hacking sites
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ...continue reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common...continue reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.