Former Kaspersky Japan boss, now malware researcher, Hendrik Adrian is warning of a boom in ZeusVM botnets after the trojan source code was leaked online.
Version two of the builder and panel source code was leaked last month and spotted by the French malware researcher known as Xylitol.
Adrian, who uses the online handle unixfreakjp, says he publicly disclosed the leak because criminals are building botnets based on the stolen toolkit code.
The leak covered only the botnet toolkit; it was not a disclosure of the Zeus trojan itself, which could lead to a rush of Zeus malware variants.
"ZeusVM version two toolkit was leaked and spread all over the internet," Adrian says.
"Still so many bad guys know about this than good guys [so] today we decided to raise warning.
"We will see more ZeusVM botnets on the internet since … anyone with this toolkit in hand can generate ZeusVM 18.104.22.168 binaries and set up botnets via its panel."
Adrian says the leaked toolkit is being spread widely despite efforts to take down copies shared across cyberlocker sites, making it "very important" news for the information security community.
He says anti-malware and threat analysts can now obtain a copy of the leak from him, a trusted source, in order to research methods to block the emerging botnets.
Adrian says VXers are now selling ZeusVM version three for $US5,000 on affiliate forums.