With much fanfare and much to the chagrin of ne’er-do-wells far and wide, the Zeus Toolkit source code has been released to the public.
This is notable because normally it would cost quite a bit to purchase the kit and associated services (in excess of US$10,000). With a release of this sort, the most immediate concerns are what will be done with this code in the wrong hands and how quickly we will start to see examples of those efforts in botnets.
From a vendor point of view, when this sort of thing occurs, we must be ready to respond to customer and public queries about any countermeasures and safeguards that we can offer. Having said that, Zeus is not “new,” and we have been dealing with compiled binaries and output from this kit constantly, and for years. The current technologies in our tool belt (AV, NIPS, HIPS, app control/whitelisting, firewall, etc.) all provide protection against the output, traffic, and noise from the Zeus toolkit.
We are researching the source packages internally. If any updates are needed, we’ll make those ASAP, and will augment and improve the existing protections that are, and have been for some time, available.
Stay tuned during the next 72 hours for more updates on this one. It should be interesting as the saga unfolds.