The Internet could see a new wave of botnets based
on the ZeusVM banking Trojan after the tools needed to build and customize the
malware program were published
The source code for the builder and control panel
of ZeusVM version 2.0.0.0 was leaked sometime in June, according to a malware
research outfit called Malware Must Die (MMD). The leak was kept under wraps by
the researchers as they tried to stop the files from becoming widely available,
an effort that ultimately exceeded their resources.
As a result, the group decided to go public with the information Sunday
in order to alert the whole security community so that mitigation strategies
can be developed.
ZeusVM, also known as KINS, is a computer Trojan that hijacks the
browser process in order to modify or steal information from websites opened by
victims on their computers. It's primarily used to steal online banking
credentials, but other types of websites can also be targeted as long as
attackers list them in the configuration file downloaded by the Trojan from the
Internet.
As
its name suggests, ZeusVM is based on the infamous Zeus Trojan, whose own source code was leaked in 2011 after years of being the primary malware tool
used for online banking fraud.
Do you carry out regular Source code reviews?
No comments:
Post a Comment