I read that the source code for the financial malware ZeusVM was leaked and it is expected to spur a flurry of new botnets. What are the consequences of financial malware source code like this going public, and is there anything security teams should do when this happens? Could this ultimately be a good thing, since security researchers can now examine the ZeusVM source code?
Cybercriminals often find out when the security of one of their systems was compromised the same way that enterprises find out: They are notified by a third party. The source code for the infamous Zeus Trojan has been leaked before -- in 2011 -- but in this case, the source code to the financial malware was not released. The antimalware group Malware Must Die found a copy of the ZeusVM malware tool being shared on underground forums; the ZeusVM malware tool, also known as KINS, is used for compiling the malware and making configurations. The steps for setting up the compilers and configuration tools are often difficult for novice programmers, so ZeusVM can help beginners create and deploy financial malware like this.
It's unclear why the ZeusVM code was leaked or who was behind it, but the Malware Must Die researchers decided to announce that the code was freely available on the Web to raise awareness of the potential threat. There are closed, trusted communities of security professionals for legitimately sharing threat intelligence, malware, or other analysis of offensive attack data that could be used by good guys to add detection or prevention measures to security tools. This sharing benefits the security community, but the closed nature is problematic at times. The sharing of the ZeusVM code in underground forums does increase the number of people with the financial malware tool, but without the Zeus Trojan source code, it's of little use.
The ZeusVM appears to be a powerful financial malware tool that makes it easier to operate the full lifecycle of the malware, but does not fundamentally change the risk from Zeus attacks. Security teams did not implement new security controls because of the publication of the ZeusVM or KINS code. But they should monitor Zeus developments to identify if new exploits or techniques are included in the financial malware.