The inventiveness and avarice of the underground community knows few bounds and one of the latest bits of evidence of this is the creation of a new service designed to help newbies get their Zeus botnets up and running as quickly as possible.
The service takes one of the more bothersome tasks involved in creating your own botnet–compiling the binary for the bot itself–and puts it in the hands of a dedicated vendor who specializes in the service. One of the problems with using the Zeus bot has been that customers who paid for the bot, or downloaded a free, pirated version of it, has had to buy a builder to compile the bot, as well.
Apparently, that process became so onerous for some attackers that they are now seeking out a service that will compile the Zeus binary for them and deliver the finished product, according to research by RSA.
“A vendor in the underground now provides a service of compiling the
binaries for them – for a price per binary. Any additional binaries or
recompiling the same binary (same settings but a different signature to
avoid AV detection) – costs extra. This allows fraudsters to decrease
costs associated with building a botnet, especially for those who are
making their first steps in the field and do not possess a builder
already. Lower costs mean a higher profitability, thus making Zeus ever
more lucrative,” RSA’s Idan Aharoni wrote in an analysis of the service.
Zeus is one of the more popular bots in the underground, and has been in circulation for nearly four years now. It’s gone through a number of iterations in that time and there are a bunch of different versions of it being used at any one time. Various pieces of the botnet has been blamed for a number of high-profile incidents in recent years, including the compromise of credit cards issued by more than a dozen major banks, large-scale spam campaigns as well as the theft of credentials for popular social networking sites, including Facebook and others.
The Zeus botnet took a hit late last year when officials in the U.K., the U.S. and the Ukraine arrested more than 100 people in connection with running the Zeus operation. But Zeus is not a monolithic entity and pieces of the botnet are still in operation, despite the supposed retirement of the creator of the Zeus malware in late 2010.