The financial industry is bracing itself for the most dangerous cyber attack ever. A few months ago the complete source code for the notorious banking crimeware – Zeus – was released online, making it possible for almost anyone to use. The so-called “Trojan” is likely to be responsible for the theft of billions of dollars since its first appearance in 2007. No one knows who is behind it. But what worries the security people most at the moment is: what are these guys doing now?
The security industry is bracing itself for an increase in financial cyber crime after the complete source code for the Zeus crimeware kit was released online, PCPlus Magazine writes in its summer edition. Zeus is considered one of the most sophisticated banking Trojans running wild in cyberspace at the moment, and has been the focus of several multi-million fraud investigations by the US FBI and the UK Metropolitan Police.
The release of the Zeus source code about three months ago means that anyone can now set up their own Zeus botnet and create their own brand new financial Trojans.
According to the security company Trend Micro, Zeus is so easy to use, and so well supported, that even people with minimal technical knowledge are able to set up a fully functional botnet in less than five minutes.
“We will see a lot more attacks on the general public and more attacks that affect consumers,” David Perry, Global Director of Education at Trend Micro predicts.
However, the focus of most security experts right now is what other cyber criminals will do with the newly leaked code.
“There will be plenty of script kiddie interest at first,” says Fraser Howard, principal researcher at the security firm Sophos.
He adds: “But the most concerning thing about the release is that it might enable people to add functionality from Zeus to their own malware.”
Last year, the Police Central E-Crime Unit at Scotland Yard disrupted a Zeus operation in Essex (UK) that had stolen a total of GBP 6 million from customers of HSBC, Barclays and Lloyds TSB.
In March this year, an unemployed man from Manchester (UK) was sentenced to five years in prison after using Zeus to infect more than 15,000 computers worldwide.
Zeus, also known as Zbot, is a password-stealing Trojan that allows the attacker to control a whole network of infected computers – a so-called botnet.
The malware hides itself inside legitimate programs, undetected by anti-virus software, and interacts with your browser directly to monitor traffic.
Before Zeus was made available to everyone in May this year, it was sold for about USD 10,000 on the black cyber market. It was shipped with an easy-to-use graphical interface and regular automatic upgrades – and even 24/7 online support!
“It’s a very sophisticated piece of code, professionally written with a good understanding of C++. Its writers are not the same as the people who implement it. These guys don’t want to do the criminal activity, they just want to write code,” David Perry at Trend Micro says.
“Zeus shows the level of professionalism in the world of cyber crime,” he points out.
For a long time, Zeus worked alongside other malware like Bredolab, FakeAV and Koobface – a virus found on social network sites.
But recently it was discovered that someone had merged Zeus with its rival – SpyEye – to create another, even more dangerous, hybrid banking crimeware toolkit.
“The fact that you can blend up pieces of malware from different groups and use them in the same attack is just startling,” Perry says.
Today, no two implementations of Zeus are alike.
An infection typically has as many as 50 different components working at the same time.
A recently discovered version included the Jabber instant messaging client (used in Google Talk) to deliver a live feed of the victims’ banking credentials while they were logging in.
This made it possible for the attackers to raid a bank account in barely a couple of seconds.
Detection rates by antivirus software are still remarkably low: under 40 percent, according to the Zeus Tracker website.
The experts are still puzzled by the question of why the crimeware’s source code is now being handed out for free.
Particularly since it was offered for sale – just a few months ago – for a six-figure sum.
There are several theories.
Some researchers believe it’s done to “muddy the waters,” making it more difficult for law enforcement to track its origin.
Others believe the opposite: that it was released on purpose so that the clues and patterns in the code eventually might lead back to its authors.
However, most experts agree that Zeus itself was about to reach the end of its lifetime.
“Zeus has been around since 2007. Car models don’t last that long! Zeus is falling from the star position. The big guys are done with it,” Perry states.
But don’t think for a second that this means banks may let down their guard.
“It would be nice to think that the authors of Zeus had made enough money to hang up their boots and do something more worthwhile. In reality, they’re probably moving on to something bigger and nastier,” Fraser Howard at Sophos concludes.
See also: What is Zeus? Technical presentation by Sophos.
Thanks for sharing the link – but unfortunately it seems to be down? Does anybody have a mirror or another source?
Well, http://www.scribd.com has deleted the EconoTwist’s account due to copyright issues. (As usual after we’ve made some critical remarks about the financial industry…) However, another solution for publishing the documents will be available soon.
AllTheBest
econotwist’s
When I actually commented My spouse and I clicked the “Notify me when new comments are added” checkbox and now every time a comment is usually added I get four e-mails with the same brief review. Is there any way you can clear away me out of that service? Thanks!
It’s not an unfamiliar problem you are describing. I’ll unplug you via my dashboard, and see if that helps.
Appreciate the feedback.
AllTheBest
econotwist’s