The Latest in IT Security

Zeus source code leaked: toolkit for the masses?


Back in February, Brian Krebs was reporting that the Zeus toolkit source code (whose individual licenses cost as much as $10,000) could sell for up to $100,000.

Well, like a lot of hot commodities today, Zeus has been leaked on the Internet. It took me roughly 5 minutes (including the download time) to get a copy.

It comes as a .rar file called zeus.rar with a password protection (zeus):

The compressed file (9.20 MB) comes to a much larger size when extracted with a lot files:

Here is an overview:

The package includes a user manual in Russian and English.

Here is some technical information about the Zeus bot:

– It is compiled in Visual C++.
– XP/Vista/Seven, as well as 2003/2003R2/2008/2008R2  compatible.
– Windows x64 support.
– It attempts to infect all users in the system.
– It runs a copy of its code in each process of the user (without using a DLL).
– It has unique names of all objects (files, MUTEXes, registry keys) when creating a bot for every user.
– It intercepts HTTP/HTTPS-requests from wininet.dll (Internet Explorer, Maxton, etc.), nspr4.dll (Mozilla Firefox) libraries.
– It steals credentials from FTP-clients: FlashFXP, CuteFtp, Total Commander, WsFTP, FileZilla, FAR Manager, WinSCP, FTP Commander, CoreFTP, SmartFTP.

and more.

Needless to say, hackers wannabe are going to study this source code and steal ideas to make their own customized bot.

Just what the security community needed.

Jerome Segura

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments