Zeus Source Code Released Online, Security Experts Fear Its Impact

Source code for the infamous Zeus botnet has been leaked online and is available for anyone to download and use, security experts have warned.

Security experts believe that the leak could allow hackers to churn out more sophisticated versions of the malware. The source code was leaked in at least three different locations, experts said.

The Zeus trojan is used by hackers to steal user names and passwords for online banking accounts and other financial services. The botnet had wrecked havoc on some of UK’s financial institutions in the past.

The trojan works by stealing banking user names and passwords and sending them to a remote server operated by the hackers. The credentials are then used to steal money from unsuspecting customers.

Experts believe that the leak was an intentional move by the hackers to generate interest for the trojan and to sell customised tool kits that help anyone with sufficient knowledge of hacking to mount the attacks.

“The sourcecode has until now been shared in very closed communities or bought by criminals with significant funds,” Peter Kruse, a security researcher with Danish firm CSIS Security, said in a statement to The Register.

“With the release of the entire code it's obvious we will see new versions/rebrands or improvements in general. If this grows outside of the established underground ecosystem it could have a significant impact.”