Zeus Returns to Wreak Havoc

by Sue Poremba

I haven't talked about the Zeus botnet lately. There was a period of time when I couldn't go a day without reading about Zeus or without getting an email with some news about the botnet.

I didn't know if it was because Zeus had moved past its spot in the news cycle (and it has been a very busy security-related news cycle) or if Zeus had gone relatively quiet.

Well, whatever the reason, Zeus -- or a variant of it -- has returned. Fortinet's monthly threat landscape report announced that a Zeus botnet variant ranked second in monthly malware activity, a result of its source code being cracked and leaked. According to Derek Manky, senior security strategist at Fortinet:

The surge in Zeus activity doesn't surprise us given the botnet's popularity and the fact that its source code was hacked and subsequently leaked to the public last May. We believe it's highly likely that we will continue to see Zeus and SpyEye -- another popular botnet whose source code was also recently cracked and leaked publicly -- spread in waves in the coming months.

Oh joy.

Kaspersky Lab added that Russian-speaking cybercriminals created a clone of Zeus that was quite popular with cybercriminals over the summer, selling for $600-$1800 in the United States. Kaspersky Lab's website said of the botnet, known as Ice IX:

One of Ice IX's most remarkable innovations is the altered botnet control web module which allows cybercriminals to use legitimate hosting services instead of costly bulletproof servers maintained by the cybercriminal community.

This will likely mean an increase of attacks involving online financial transactions.

Zeus has always been troublesome, but it appears that the new variant of the botnet could be proof against anti-virus software.

I was happy that I didn't have to write about Zeus for a long time, but it looks like the botnet has returned to my radar for some time to come.

This article was originally published on Thursday Sep 15th 2011