The Cyber War (Complete Coverage) Part 2: A New Battlefield

The financial industry is bracing itself for the most dangerous cyber attack ever. A few months ago the complete source code for the notorious banking crimeware, Zeus, was released online, putting it within reach of almost anyone. The so-called "Trojan" is likely responsible for the theft of billions of dollars since it first appeared in 2007. No one knows who is behind it. But what worries security people most at the moment is this: what are these guys doing now?

The security industry is bracing itself for an increase in financial cyber crime after the complete source code for the Zeus crimeware kit was released online, PCPlus Magazine writes in its summer edition. Zeus is considered one of the most sophisticated banking Trojans running wild in cyberspace at the moment, and has been the focus of several multi-million fraud investigations by the US FBI and the UK Metropolitan Police.

The release of the Zeus source code about three months ago means that anyone can now set up their own Zeus botnet and build their own brand-new financial Trojans.

According to the security company Trend Micro, Zeus is so easy to use, and so well supported, that even people with minimal technical knowledge are able to set up a fully functional botnet in less than five minutes.

“We will see a lot more attacks on the general public and more attacks that affect consumers,” David Perry, Global Director of Education at Trend Micro predicts.

However, the focus of most security experts right now is what other cyber criminals will do with the newly leaked code.

“There will be plenty of script kiddy interest at first,” says Fraser Howard, principal researcher at the security firm Sophos.

He adds: “But the most concerning thing about the release is that it might enable people to add functionality from Zeus to their own malware.”

Last year, the Police Central E-Crime Unit at Scotland Yard disrupted a Zeus operation in Essex (UK) that had stolen a total of GBP 6 million from customers of HSBC, Barclays and Lloyds TSB.

In March this year an unemployed man from Manchester (UK) was sentenced to five years in prison after using Zeus to infect more than 15,000 computers worldwide.

Zeus, also known as Zbot, is a password-stealing Trojan that allows the attacker to control a whole network of infected computers, a so-called botnet.

The malware hides itself inside legitimate-looking programs, frequently evading antivirus software, and hooks directly into the victim's browser to monitor traffic, which lets it read credentials and form data before the browser encrypts them.
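The "hooks into the browser" part is what a defender can actually look for on a suspect machine. The following is an added example, not code from the article, from Sophos or from Trend Micro: a small C heuristic that inspects the first bytes of a function prologue for an inline "detour" (the technique Zeus-family Trojans used to patch browser networking APIs so they could intercept form submissions). The byte buffers, function address and module range are constructed for the example so it runs anywhere; on a live Windows process you would read the same bytes at the address of the real export and take the module range from the loaded-module list.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the article): heuristic detection of an inline
 * hook on an x86 function prologue. All addresses and byte buffers below
 * are constructed assumptions, not values taken from any real sample. */

enum hook_kind {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,    /* E9 rel32        : jmp to a relative target        */
    HOOK_JMP_INDIRECT, /* FF 25 abs32     : jmp [absolute pointer]          */
    HOOK_PUSH_RET      /* 68 imm32 ; C3   : push target ; ret               */
};

/* Classify the first bytes of a function by the redirect pattern they start with. */
enum hook_kind classify_prologue(const unsigned char *p, size_t n)
{
    if (n >= 5 && p[0] == 0xE9)
        return HOOK_JMP_REL32;
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25)
        return HOOK_JMP_INDIRECT;
    if (n >= 6 && p[0] == 0x68 && p[5] == 0xC3)
        return HOOK_PUSH_RET;
    return HOOK_NONE;
}

/* Resolve the destination of an E9 rel32 jump whose opcode sits at func_addr.
 * The displacement is little-endian and relative to the end of the 5-byte
 * instruction; the addition wraps modulo 2^32 exactly as the CPU does it. */
uint32_t jmp_rel32_target(uint32_t func_addr, const unsigned char *p)
{
    uint32_t rel = (uint32_t)p[1]
                 | (uint32_t)p[2] << 8
                 | (uint32_t)p[3] << 16
                 | (uint32_t)p[4] << 24;
    return func_addr + 5u + rel;
}

/* A hook whose target lies outside the module exporting the function is the
 * classic sign of injected code. Returns 1 if target is outside
 * [mod_base, mod_base + mod_size). */
int target_outside_module(uint32_t target, uint32_t mod_base, uint32_t mod_size)
{
    return !(target >= mod_base && target - mod_base < mod_size);
}

/* 1 if the prologue is redirected somewhere an analyst should look at. */
int is_suspicious(const unsigned char *p, size_t n, uint32_t func_addr,
                  uint32_t mod_base, uint32_t mod_size)
{
    enum hook_kind k = classify_prologue(p, n);
    if (k == HOOK_NONE)
        return 0;
    if (k == HOOK_JMP_REL32)
        return target_outside_module(jmp_rel32_target(func_addr, p), mod_base, mod_size);
    return 1; /* indirect / push-ret: target not resolvable from the bytes alone */
}

/* Constructed sample data (assumptions for the example).
 * Clean prologue: mov edi,edi ; push ebp ; mov ebp,esp ; pop ebp ; ret,
 * i.e. the usual hot-patchable Microsoft prologue. */
const unsigned char clean_prologue[]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x5D, 0xC3 };

/* Hooked prologue: jmp rel32 from an export assumed to live at 0x77100000
 * to 0x00410000, which is outside the assumed module range below. */
const unsigned char hooked_prologue[] = { 0xE9, 0xFB, 0xFF, 0x30, 0x89, 0x90, 0x90 };

#define ASSUMED_FUNC_ADDR 0x77100000u
#define ASSUMED_MOD_BASE  0x77100000u
#define ASSUMED_MOD_SIZE  0x00200000u

int main(void)
{
    static const char *names[] = { "none", "jmp rel32", "jmp indirect", "push/ret" };
    enum hook_kind k = classify_prologue(hooked_prologue, sizeof hooked_prologue);

    printf("clean  : %s\n", names[classify_prologue(clean_prologue, sizeof clean_prologue)]);
    printf("hooked : %s -> 0x%08" PRIX32 " (outside module: %d)\n", names[k],
           jmp_rel32_target(ASSUMED_FUNC_ADDR, hooked_prologue),
           is_suspicious(hooked_prologue, sizeof hooked_prologue,
                         ASSUMED_FUNC_ADDR, ASSUMED_MOD_BASE, ASSUMED_MOD_SIZE));
    return 0;
}
```

Treat a hit as a lead, not a verdict: the same prologue bytes are legitimately patched by some security products and by Windows hot-patching, so the useful signal is a jump whose target falls in memory that no loaded module accounts for.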

Before Zeus was made available to everyone in May this year, it was sold for about USD 10,000 on the underground market. It shipped with an easy-to-use graphical interface, regular automatic updates, and even 24/7 online support.

“It’s a very sophisticated piece of code, professionally written with a good understanding of C++. Its writers are not the same as the people who implement it. These guys don’t want to do the criminal activity, they just want to write code,” David Perry at Trend Micro says.

“Zeus shows the level of professionalism in the world of cyber crime,” he points out.

For a long time, Zeus worked alongside other malware such as Bredolab, FakeAV and Koobface, the latter a worm that spreads via social networking sites.

But recently it was discovered that someone had merged Zeus with its rival, SpyEye, to create another, even more dangerous, hybrid banking crimeware toolkit.

“The fact that you can blend up pieces of malware from different groups and use them in the same attack is just startling,” Perry says.

Today, no two deployments of Zeus are alike.

An infection typically has as many as 50 different components working at the same time.

A recently discovered version included a Jabber (XMPP) instant-messaging component, the same protocol Google Talk used, to deliver a live feed of victims' banking credentials to the attackers as the victims logged in.

This made it possible for the attackers to raid a bank account within seconds of the login.

Detection rates by antivirus software remain remarkably low: under 40 percent, according to the Zeus Tracker website.

The experts are still puzzled by the question of why the crimeware's source code is now being handed out for free.

Particularly since the source code itself was offered for sale, just a few months ago, for a six-figure sum.

There are several theories.

Some researchers believe it’s done to “muddy the waters,” making it more difficult for law enforcement to track its origin.

Others believe the opposite: that it was released on purpose so that the clues and patterns in the code might eventually lead back to its authors.

However, most experts agree that Zeus itself was nearing the end of its useful life.

“Zeus has been around since 2007. Car models don’t last that long! Zeus is falling from the star position. The big guys are done with it,” Perry states.

But don't think for a second that this means banks may let down their guard.

“It would be nice to think that the authors of Zeus had made enough money to hang up their boots and do something more worthwhile. In reality, they’re probably moving on to something bigger and nastier,” Fraser Howard at Sophos concludes.

See also: What is Zeus? Technical presentation by Sophos.


12 responses to “The Cyber War (Complete Coverage) Part 2: A New Battlefield”

  1. Dragon Images

    Amazing, Owen Hargreaves, you'll soon be scoring them again, mate, just from another part of town. LOL!

  2. Antipasti

    Thanks for sharing the link – but unfortunately it seems to be down? Does anybody have a mirror or another source?

    • Well, http://www.scribd.com has deleted the EconoTwist’s account due to copyright issues. (As usual after we’ve made some critical remarks about the financial industry…) However, another solution for publishing the documents will be available soon.

      AllTheBest
      econotwist’s

  3. New wave dlc

    Thanks so significantly for yet another post. I was able to get that kind of information, friend, and exactly.

  5. website development delhi

    You made some respectable points there. I searched the internet for the issue and found most people will go along with your website.

  6. blog maintenance

    When I actually commented, I clicked the “Notify me when new comments are added” checkbox, and now every time a comment is added I get four e-mails with the same brief review. Is there any way you can remove me from that service? Thanks!

    • It’s not an unfamiliar problem you are describing. I’ll unplug you via my dashboard and see if that helps.
      Appreciate the feedback.

      AllTheBest
      econotwist’s
