Zeus botnetThe inventiveness and avarice of the underground community knows few bounds and one of the latest bits of evidence of this is the creation of a new service designed to help newbies get their Zeus botnets up and running as quickly as possible.

The service takes one of the more bothersome tasks involved in creating your own botnet–compiling the binary for the bot itself–and puts it in the hands of a dedicated vendor who specializes in the service. One of the problems with using the Zeus bot has been that customers who paid for the bot, or downloaded a free, pirated version of it, has had to buy a builder to compile the bot, as well.

Apparently, that process became so onerous for some attackers that they are now seeking out a service that will compile the Zeus binary for them and deliver the finished product, according to research by RSA.

“A vendor in the underground now provides a service of compiling the
binaries for them – for a price per binary. Any additional binaries or
recompiling the same binary (same settings but a different signature to
avoid AV detection) – costs extra. This allows fraudsters to decrease
costs associated with building a botnet, especially for those who are
making their first steps in the field and do not possess a builder
already. Lower costs mean a higher profitability, thus making Zeus ever
more lucrative,” RSA’s Idan Aharoni wrote in an analysis of the service.

Zeus is one of the more popular bots in the underground, and has been in circulation for nearly four years now. It’s gone through a number of iterations in that time and there are a bunch of different versions of it being used at any one time. Various pieces of the botnet has been blamed for a number of high-profile incidents in recent years, including the compromise of credit cards issued by more than a dozen major banks, large-scale spam campaigns as well as the theft of credentials for popular social networking sites, including Facebook and others.

The Zeus botnet took a hit late last year when officials in the U.K., the U.S. and the Ukraine arrested more than 100 people in connection with running the Zeus operation. But Zeus is not a monolithic entity and pieces of the botnet are still in operation, despite the supposed retirement of the creator of the Zeus malware in late 2010.

Categories: Cryptography, Malware, Web Security

Comments (4)

  1. Ralph

    Why would a person want to have their own Zeus botnet? What good are they? I don’t want to do anything criminal. Maybe there is a way to use a botnet just for fun.

  2. Kent

    I am sure some botnets start out as some young adults experimenting(for fun) then they figure out they can make money and the experiment just gets out of control and takes a life of its own, for example the young adult who has been bullied now has some new found (power=ego)!  This is probably only 15-25% of the bots out there, the rest are pure criminal in nature/intent!  What I believe is that these young adults need to do is show better judgement and realise that this is not a victimless/anonymous attack/crime and that the people they hurt are often just like the people that love them most!  Not to be any kind of bible thumper in any way but WWJD is a powerful way out for some!  I think there needs to be a way for anyone who finds themselves in this situation a reasonable way to shut it down and put their energy towards good.  I will shut up now…… Sorry if I offended anyone in my reference to the big guy.   Peace to all.

  3. Anonymous

    It would be nice if the article first defined a botnet and explained what the Zeus botnet is and how is has been abused.

Comments are closed.