I didn’t know if it was because Zeus had moved past its spot in the news cycle (and it has been a very busy security-related news cycle) or if Zeus had gone relatively quiet.
Well, whatever the reason, Zeus — or a variant of it — has returned. Fortinet’s monthly threat landscape report announced that a Zeus botnet variant ranked second in monthly malware activity, a result of its source code being cracked and leaked. According to Derek Manky, senior security strategist at Fortinet:
“The surge in Zeus activity doesn’t surprise us given the botnet’s popularity and the fact that its source code was hacked and subsequently leaked to the public last May. We believe it’s highly likely that we will continue to see Zeus and SpyEye — another popular botnet whose source code was also recently cracked and leaked publicly — spread in waves in the coming months.”
Kaspersky Lab added that Russian-speaking cybercriminals created a clone of Zeus that was quite popular with cybercriminals over the summer, selling for $600-$1800 in the United States. Kaspersky Lab’s website said of the botnet, known as Ice IX:
“One of Ice IX’s most remarkable innovations is the altered botnet control web module which allows cybercriminals to use legitimate hosting services instead of costly bulletproof servers maintained by the cybercriminal community.”
This will likely mean an increase in attacks involving online financial transactions.
Zeus has always been troublesome, but it appears that the new variant of the botnet could be proof against anti-virus software.
I was happy that I didn’t have to write about Zeus for a long time, but it looks like the botnet has returned to my radar for some time to come.