There are countless variants of the Zeus Trojan, also known as Zbot and Zitmo. Eventually the Zeus Trojan had its source code releases to the public in 2011 and that. Download SpyHunter's FREE Malware Remover. 3 years ago Reply. As mentioned by echelon, Zeus source code is available in GitHub. Availability of its source code (leaked in 2011) is one of the reasons many.
Late last year, online crime forums were abuzz with talk that development of the world’s most notorious banking Trojan — ZeuS — was being retired, after its maker handed the malware’s secret blueprints to a rival developer. The recipient of those plans — the author of the SpyEyeTrojan— has been hard at work on a malware strain that blends the two malware families. But new evidence suggests that the source code for the latest ZeuS version may have also been given or sold to a third party who is now reselling it to the highest bidder in the criminal underground, a development that could soon guarantee the production of a whole new ZeuS lineage.
Sources say the ZeuS author — known variously as “Slavik” and “Monstr” on criminal forums — gave the SpyEye author Gribodemon stewardship over the ZeuS code base, on the condition that Gribodemon agreed to provide ongoing support for existing ZeuS clients, a sizable user base that demands considerable care and attention. Sources also believe Slavik may have separately sold the code itself, ostensibly to the same individual shown in the screen shot below.
Established crime forums are built upon reputation, which is earned over a period of time by points awarded from other members for positive or negative transactions — much like eBay’s buyer and seller feedback system. The solicitation in the above screen shot is unlikely to be a fake: It indicates that the seller has been a member of this particular vetted crime forum since June 13, 2009, and has 18 positive reputation points and zero negative.
This seller is offering the full ZeuS source code for the latest version 2.0.8.9, and warns away members without a significant war chest. But how much could the code actually fetch? Toward the end of last year, the ZeuS author was selling fully-loaded, single-user licenses for up to $10,000 apiece. Aviv Raff, chief technology officer and co-founder of Seculert, said this individual could probably demand at least ten times that amount for the source code, which would give the buyer full rights to sell one-off licenses to others, and/or to continue developing the malware family.
But don’t come bearing gold, credit cards, or even cold hard cash: This seller only accepts payment via an irreversible virtual currency called Liberty Reserve. On top of that, payments must be made through the forum’s escrow service — a feature offered by forum administrators designed to cut down on members ripping one another off — but one which can add considerably to the final price of the item(s) for sale.
Tags: Gribbodemon, Monstr, Nem, Slavik, zeus
Newsletter
![Zeus trojan remover Zeus trojan remover](/uploads/1/2/5/8/125869300/193781700.gif)
![Source Source](http://csmres.co.uk/cs.public.upd/article-images/Zeus---abxyz.jpg)
Subscribe to our Threatpost Today newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Infosec Insider Post
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.