Copies of the Zeus builder source code previously found on the internet were compressed, encrypted files, and without the decryption password those files have not been usable so far.
As of today, sharing of the usable source code has been officially confirmed.
Because the files now being spread let users easily decode the encrypted source code, variants of the Trojan horse targeting online banking will increase exponentially. In addition, the threat from botnets made up of these malicious files is relatively high.
Therefore, "a comprehensive security review" is required to minimize the security threats to online banking associated with Zeus malicious files.
2. Disclosure of the decompressed Zeus source code
The following figure shows the Zeus source code on a certain website.
The archive can be downloaded from the shared domain we found, and the password spread on his Twitter account also works as the key for that compressed file.
Based on our analysis, which compared our source code with the source code now in circulation, the source code in the recently found compressed file was almost the same, only excluding the Russian document file.
In addition, building the source code brings up the Zeus Package Builder screen shown below, and the build works.
3. Zeus variant malicious files are easy to make
Zeus malicious files can be detected and treated by the latest version of nProtect Anti-Virus under the diagnosis name Zbot. What is worse, similar variants of Zbot are emerging and spreading, and the spread of the Builder source program will produce countless variants.
Furthermore, various versions of the builder are used to make malicious files.
Because the source code makes it possible to change the builder tool used to develop malicious files, a technique for blocking at the source level is needed.
The following figure shows that the leaked source works. The malicious file's configuration is in the Actions part, and it can target various online banking websites.
4. How to respond
We ran a simple test using the latest malicious file built with this Zeus builder. In a test of entering a password on a web page, nProtect KeyCrypt, INCA Internet's keyboard security solution, protected the keys that were entered.
General users can hardly notice that anything has happened on their PC while the malicious file spreads.
To use a PC safely against the security threats of these malicious files, we recommend the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above and runs a 24-hour response system against various security threats.