As reported last week, Fortinet's senior security strategist Derek Manky said that the surge in Zeus activity comes as no surprise, given the botnet's popularity and the fact that its source code was hacked, as well as leaked, in May of this year.
That analysis has been confirmed by Amit Klein, Trusteer's CTO, who said that his research team reported in the spring of this year that the Zeus source code had effectively been cracked and shared between cybercriminals – meaning that a rise in the usage of the malware by darker elements of the internet was inevitable.
“The rise of Zeus’ popularity as a means of extracting money from internet users is one of the reasons we constantly monitor it – and other forms of malware – to prevent them from executing. This is essential since 24 million internet users depend on our free Rapport compact software agent to protect them”, he said.
“Ever since Zeus first appeared back in late 2006 we have been monitoring its evolution, which has been mainly via malware email campaigns. Because the malware can be updated and modified, there are now a great many variants, some of which are quite different in their approach to extract money from users than the earlier versions of the malware”, he added.
Klein went on to say that, regardless of the way the Zeus code has been modified, its primary aim is to gain access to an internet user's bank account or similar online financial services and generate unauthorised transfers to third-party accounts, from where the money disappears into the fraudster's coffers.
“The web browser is now a primary battleground for fending off attacks that threaten online banking, e-commerce, personal privacy, and even corporate computer networks, so that’s where we continue to focus our efforts when it comes to thwarting financial criminals”, he explained.