THE SOURCE CODE of the Zeus Trojan is now freely available to any prospective criminal who fancies modifying the malicious threat to meet their own needs.
Security firm CSIS said it found the complete source code for the botnet crimeware was leaked on several underground forums, available in a compressed zip archive. CSIS researcher Peter Kruse said that it compiled the zip file in its labs, and it worked fine.
He said, "We can hereby confirm that the complete Zeus/ Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks."
It comes more than a month after the same company found that individuals were trying to sell the Zeus source code for profit. Previously it was rumoured that the owner of a rival crime kit in Spyeye had bought for their own use.
Zeus has been a challenge for the security industry to cope with in recent years, having been picked up by criminals as a good way of making money due to its ability to steal banking information through keylogging.
It's widely available, for example, as ready-made infection and build your own botnet kit. Criminals using and potentially tampering with the source code is something else entirely, however, as the more technical bad guys might find ways of adapting and evolving the Zeus Trojan for their own malicious purposes. µ