With much fanfare and much to the chagrin of ne’er-do-wells far and wide, the Zeus Toolkit source code has been released to the public.
This is notable because normally it would cost quite a bit to purchase the kit and associated services (in excess of US$10,000). With a release of this sort, the most immediate concern is what will be done with this code in the wrong hands, and how quickly we will start to see examples of those efforts in botnets.
From a vendor point of view, when this sort of thing occurs, we must be ready to respond to customer and public queries about any countermeasures and safeguards that we can offer. Having said that, Zeus is not “new,” and we have been dealing constantly, and for years, with compiled binaries and output from this kit. The current technologies in our tool belt (AV, NIPS, HIPS, app control/whitelisting, firewall, etc.) all provide protection against the output, traffic, and noise from the Zeus toolkit.
We are researching the source packages internally and will enhance our current protection should the need unexpectedly arise.
Stay tuned during the next 72 hours for more updates on this one. It should be interesting as the saga unfolds.