On March 23, 2011 we blogged about the source code of the infamous crime kit ZeuS (Wsnpoem / Zbot) sold at least two underground forums (see: http://www.csis.dk/en/csis/blog/3176/).
This weekend we found the complete source code for ZeuS kit leaked to a wider audience via several underground forums and through other channels. We have already collected several addresses from the time of writing is being distributed as a zip archive. We have compiled the code in our lab and it works flawlessly. The contents of the zip file looks like this:
We hereby confirm that the complete ZeuS / Zbot source code is freely available for inspection, inspiration or perhaps even to compile and use in future attacks. It is also probable that the kit will be rebranded and packaged again and maybe even improved and developed further in functionality. ZeuS / Zbot calculated in advance to be among the most widespread and most sophisticated banking Trojans in the global threat landscape.
This is a highly advanced and very configurable crime kit. With the release of source code to a broad audience would Zeus / Zbot probably be far more widespread and even greater threat than it already is today.