


ZeuS gang using channel model to proliferate

May 17, 2011

On the heels of Robert Lemos’ report last week about source code and a manual for the Zeus crimeware framework spilling out for public consumption, M86 Security Labs is weighing in with its own findings.

In an update sent to me yesterday by M86 press spokesperson Jan Wiedrick-Kozlowski, M86 researchers suggested the bad guys are following a channel distribution model to get more bang — and bucks — for their handiwork.

From the findings:

While some observers believe that the “leaking” of the code means that cybercriminals face the same IP protection challenges as traditional software developers, M86 Security Labs researchers suggest that the release of ZeuS freeware demonstrates that cyber criminals are adopting traditional channel distribution models in order to increase the profits from their malware.

Bradley Anstis, VP Technical Strategy at M86 Security comments, “The ZeuS creators could be trying to shake up the market by giving away the tool kit, so that they can make their money from subsequent “WebInject” projects.

Their aim could be to create a distribution channel so that they make more revenue through creating additional modules for the crimeware than they did from selling the application itself. If this is the case, then this is the first example of a “Crimeware Freemium Model” that we have seen.”

In August 2010, M86 Security Labs reported that ZeuS had been used to steal almost a million dollars from UK bank accounts. In October 2010, the ZeuS creator provided source code to the developer of competing banking malware, Spy-Eye, resulting in more powerful Trojans.

The release of ZeuS source code free of charge to the broader criminal network could help to establish ZeuS as the de-facto crimeware and lead to more potent banking malware variants, warns M86 Security.


The news is hardly surprising, but it does shed a little more light on the business model being developed by the bad guys.

–Bill Brenner