
TrendMicro: ZeuS Source Code Already in the Wild (Zeus Bot Source Code Leaked)

by 잡다한 처리 2011. 4. 4.



TrendMicro, a global security vendor, has announced that the ZeusBot source code has been made public.

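What is ZeusBot?
It was first discovered in 2005 and is also known as Zbot, Wsnpoem, and Kneber.
ZeusBot is malware whose main purpose is stealing personal information, and it is closely tied to Internet banking transactions.
Infection usually occurs through email or website downloads.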


It is currently circulating on the Internet as a password-protected RAR archive, so I was able to collect the file.


But!! But!! I don't know the password ㅡ.ㅡ;;
If anyone knows the password, lol, please leave a comment!! lol



Original article: http://blog.trendmicro.com/zeus-source-code-already-in-the-wild/
 

For about two weeks now, the ZeuS source code has been making its way around to different people. Many people have been offering it up for sale on multiple forums, but lots of times it is only pieces of the code and not everything. There are also conflicting reports about important pieces of the code missing, not allowing it to work, or that everything is there except the modules that can be added in.

This has taken a recent turn however, due to the fact that source code was reportedly uploaded to a file sharing site and then the link was posted to a malware forum.

The catch is that the uploaded file is a .RAR file, and is password protected. You can look through the .RAR file and check that everything is there for the source code but you can’t actually look at the contents of the files due to the password protection. Multiple people are taking a crack at trying to bruteforce the password for the .RAR file, but so far no one that I know of has been able to crack it. There are even reports that some people in law enforcement are looking at it.

What does this mean in the long run though?

We are predicting that soon the source code will be in the hands of anyone that wants it. This could be potentially dangerous, but only if it gets into the hands of people who really know how to use it. The source code is written in C++ and requires someone with a fair knowledge of C++ to really figure out the code. It would not be possible for an average person to rip parts of the code out to use in their own malware.

A lot of this code, I have been told, is linked together through macros so if you try to pull out a piece of it then it will not work. Gribodemon, the author of SpyEye, posted a message on a Russian forum saying that the Zeus author, Slavik/monstr, sold the code to another person (for around 15K. Gribodemon also has a copy of the code), that was supposed to use it and expand on its functionality. Apparently this person really didn’t know how to use the code and instead started to resell it to others. That is what has led up to where we are now. Trend Micro will continue to keep an eye on this possible threat and update this blog with any new developments.


 
