The source code for the ZeuS trojan horse (sometimes known as Zbot), that steals banking information by keystroke logging and form grabbing, has been leaked on to the Internet. Peter Kruse of CSIS, a security company from Copenhagen, has confirmed that the archive file, which is available from several underground forums, compiles and is indeed the genuine thing.
According to The H, the source code is for version 126.96.36.199 which is thought to be the latest version. Previously copies of ZeuS sold for several thousand dollars among cyber criminals and organized crime gangs.
The archive file contains a builder that generates the malware executable and Web server files (PHP, images, SQL templates) for use as the command and control server.
How or why this source code has appeared on the net is unclear, however it was reported last year the ZeuS’ creator had retired and turned over the source code to ZeuS to his long time rival.
ZeuS has already caused a lot of damage and its release on the Internet could mean it now poses a greater threat that ever before.