Former Kaspersky Japan boss now malware researcher Hendrik Adrian is warning of a boom of ZeusVM botnets, after the trojan source code was leaked online.
Version two of the builder and panel source code leaked last month, and spotted by the French malware researcher known as Xylitol
Adrian, who uses the online handle unixfreakjp, says he publicly disclosed the leak because criminals are building botnets based on the stolen toolkit code.
The leak covered only the botnet toolkit, not a disclosure of the Zeus trojan itself which could lead to a rush of Zeus malware variants.
"ZeusVM version two toolkit was leaked and spread all over the internet," Adrian says.
"Still so many bad guys know about this than good guys [so] today we decided to raise warning.
"We will see more ZeusVM botnets on the internet since … anyone with this toolkit in hand can generate ZeusVM 220.127.116.11 binaries and set up botnets via its panel."
Adrian says the leaked toolkit is being spread widely despite efforts to take down copies shared across cyberlocker sites, making it "very important" news for the information security community.
He says anti malware and threat analysts can now obtain a copy of the leak from him, a trusted source, in order to research methods to block the emerging botnets.
Adrian says VXers are now selling ZeusVM version three for $US5,000 on affiliate forums. ®