On the 23rd of March 2011 we posted a blog about the source code for the infamous crime kit ZeuS (Wsnpoem/Zbot) being sold on at least two dark market forums (see: http://www.csis.dk/en/csis/blog/3176/).
This weekend we found the complete source code for this crime kit being leaked to the masses on several underground forums as well as through other channels. We already collected several addresses from where it is being distributed in a compressed zip archive. We even compiled it in our lab and it works like a charm. When unzipped it looks like this:
We can hereby confirm that the complete ZeuS/Zbot source code is freely available for inspection, inspiration or perhaps to be compiled and used in future attacks.
ZeuS/Zbot is already considered as being amongst the most pervasive banking Trojan in the global threat landscape. It is an advanced crime kit and very configurable. With the release and leakage of the source code the ZeuS/Zbot could easily become even more widespread and an even bigger threat than it already is today.