Alternative to Zeus Trojan Could Pose Future Threat
A lone developer appears to be creating a program to compete with Zeus-based Trojans, according to researchers at RSA.In 2011, the source code for a popular malicious program known as Zeus was leaked to the Internet, and since then, many malware developers have used the Zeus code as the blueprint on which to base their malicious programs. Now, a lone developer appears to be creating his own remote-access program to compete with the mass of Zeus-based Trojans, according to researchers at RSA, the security division of storage giant EMC. The Trojan, dubbed Pandemiya, has been advertised in certain cyber-criminal forums online, and RSA researchers were able to get a copy of the program, according to an analysis published June 10. The Trojan has similar functionality to Zeus, but a completely different code base and, at approximately 100KB, is quite small, Daniel T. Cohen, head of knowledge delivery with RSA FraudAction, told eWEEK. "The interesting thing here is that this is not Zeus, so it is not going to be easily fingerprinted," he said. "This is new code that now has to be learned and recognized and blocked."
Underground developers have often based their creations on other popular malware by using source code leaked to the Internet. While Zeus may be the most popular current example of cribbing code, the popular iBanking Trojan for Android mobile phones and tablets has also leaked online, leading security experts to speculate that the program could spawn a great number of variants.