Light Dark
July 7, 2015 By Shane Schick 2 min read

Normally, it’s the initial release of malware that has security experts worried, but the free availability of tools to make the ZeusVM banking Trojan could send some firms into a panic.

Source code for the builder of ZeusVM — also known as KINS — as well as its control panel has been online since last month, according to MalwareMustDie!, a blog run by a security research organization of the same name. The binary generated by the builder that was leaked on the Internet is a newer version of the botnet-making tool.

As Computerworld pointed out, anything that helps cybercriminals make their own variant on the ZeusVM malware is a major concern, given its track record of stealing online financial credentials and other sensitive information. Provided they know how to alter the connectivity features of the Trojan’s command-and-control (C&C) server settings or browser URL settings, cybercriminals could create a powerful new weapon.

It’s possible law enforcement authorities or other officials could take down the leaked files, but as The Register suggested, it may already be too late to avoid what it described as a possible “bot-geddon,” or a huge wave of malware based on ZeusVM. Increased awareness among CISOs and their teams may be the only course of action, encouraging banks and other enterprises to be particularly vigilant in their monitoring for new attacks.

Already, at least six new botnets based on ZeusVM have been identified since the leak, SC Magazine reported, and version 3.0 of the malware is reasonably affordable for criminal collectives at a price point of $5,000 on the black market. Before the summer is over, it’s reasonable to expect the number of related threats could increase sharply, given that cybercriminals will probably take note of the news, as well.

Beyond looking over their shoulder, IT departments and security experts may want to study the ZeusVM data leak to see if they could use the information to build their own protection mechanisms. Videos embedded in a Softpedia post showed details on how malware would be hidden inside an encrypted JPEG file as well as an overview for building KINS botnets. It could be a race between malicious attackers and CISOs to see who makes the best use of this information first.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature