Arsgera - Fotolia
I read that the source code for the financial malware ZeusVM was leaked and it is expected to spur a flurry of new botnets. What are the consequences of financial malware source code like this going public, and is there anything security teams should do when this happens? Could this ultimately be a good thing, since security researchers can now examine the ZeusVM source code?
Cybercriminals often find out when the security of one of their systems was compromised the same way that enterprises find out: They are notified by a third party. The source code for the infamous Zeus Trojan has been leaked before -- in 2011 -- but in this case, the source code to the financial malware was not released. The antimalware group Malware Must Die found a copy of the ZeusVM malware tool being shared on underground forums; the ZeusVM malware tool, also known as KINS, is used for compiling the malware and making configurations. The steps for setting up the compilers and configurations tools are often difficult for novice programmers, so ZeusVM can help beginners create and deploy financial malware like this.
It's unclear why the ZeusVM code was leaked or who was behind, but the Malware Must Die researchers decided to announce that the code was freely available on the Web to raise awareness of the potential threat. There are closed-trusted communities of security professionals for legitimately sharing threat intelligence, malware, or other analysis of offensive attack data that could be used by good guys to add detection or prevention measures to security tools. This sharing benefits the security community, but the closed nature is problematic at times. The sharing of the ZeusVM code in underground forums does increase the number of people with the financial malware tool, but without the Zeus Trojan source code, it's of little use.
The ZeusVM appears to be a powerful financial malware tool that makes it easier to operate the full lifecycle of the malware, but does not fundamentally change the risk from Zeus attacks. Security teams did not implement new security controls because of the publication of the ZeusVM or KINS code. But they should monitor Zeus developments to identify if new exploits or techniques are included in the financial malware.
Discover how to adapt your security program to address emerging threats
Find out if there are bigger threats hiding in click fraud malware
Dig Deeper on Hacker tools and techniques: Underground hacking sites
Related Q&A from Nick Lewis
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and ... Continue Reading
Cloud penetration testing presents new challenges for information security teams. Here's how a playbook from the Cloud Security Alliance can help ... Continue Reading
Many cloud providers are tight-lipped about internal security control details. Learn how to evaluate cloud security providers with certifications and... Continue Reading