The source code for the Zeus Trojan has reportedly been found on sale online.
According to a blog by Peter Kruse, partner and security specialist at CSIS Security Group, several individuals have announced that they have access to the Zeus source code in recent weeks and that it is for sale.
He said: “We are currently not able to verify any of these claims, however this particular announcement has a picture attached which might prove that parts of the source code are indeed in the hands of someone using the handle ‘IOO'.
“Prior to this there were several rumours that the Zeus code was sold to the creator of SpyEye. This is also currently unconfirmed, however what is fact is that someone besides the author of the Zeus has access to the code and this we can document.”
Rik Ferguson, director of security research and communications at Trend Micro, said: “Some ‘vendors' are saying that they have this for sale but they are always saying that they have things for sale that they do not have, such as malware, credit card details, credentials and botnets, but it is often not true as they are just interested in stealing money. The reality of this is that it is possible but it is not substantiated.”
Update - in an email to SC Magazine, Kruse confirmed that source code for Zeus has been leaked and was in circulation, saying that ‘this is no longer speculation'.