The source code for the Zeus Trojan is being sold online for $5,000.
According to CSIS Security Group, the source code is apparently being sold by at least two individuals for $5,000 and the company said that it suspects that the code will soon begin circulating widely.
Security blogger Brian Krebs has previously claimed that the Zeus author ‘was selling fully-loaded, single-user licences for up to $10,000 apiece'. Aviv Raff, chief technology officer and co-founder of Seculert, said this individual could probably demand at least ten times that amount for the source code, which would give the buyer full rights to sell one-off licences to others and/or to continue developing the malware family.
Amit Klein, CTO at Trusteer, said that market forces had taken over the code's value and its exclusivity and price had fallen. He said: “We've observed before that the old adage of there being no honour amongst thieves applies equally to the cyber criminal world, and now it seems that this is even truer when it comes to electronic crime.
"We said at the start of February that our research teams were seeing multiple variants of Zeus appearing on users' machines, and now our colleagues over at Trend Micro are reporting that the source code is being offered for sale on multiple forums from different people.”
Klein also said that it was only a matter of time before the source code for Zeus is released in the wild at little or no cost, a step that potentially means that thousands of cyber criminals can then develop toolkits to maximise their revenues from the malware
“The malware is likely to continue to be a problem for financial users of the internet, and their organisations, for some time to come. We may yet see even more variants of Zeus appearing on a larger scale and shorter timeframe than anyone could have predicted,” said Klein.