Public offer of Zeus FaaS service on social network

April 25, 2013  By Pierluigi Paganini


Public offer of Zeus FaaS service on Facebook

My readers know very well the dynamic of cybercrime enterprise and in particular of the growing interest in monetization malicious codes such as malware, ransomware and more in general botnets.

One of the most targeted sector is banking, the evolution of banking services, their introduction on mobile platforms made attractive targets for cyber criminals, one of the success stories in the cybercrime industry is the Zeus malware case. Zeus is one of the oldest and most prolific malware that has changed over time to meet the numerous demands of the criminal world, let’s remind that it is dated 2007 and officially sanctioned the introduction into the criminal system of this cyber threat to attack the Banking.

An interesting phenomenon is growth in the last year, the trend to offer in the underground all necessary to organize a large scale fraud, criminals offers malware or entire botnets for renting including bulletproof hosting, complete kits that in many cases include also information to use during the attacks against specific targets. The business is impressive the model described, known also as a Fraud-as-a-Service has been a great success for obvious reasons, malicious code such as Zeus, SpyEye, Ice IX, or even Citadel have benefited of the sales model, cyber criminals with few hundred dollars are able to design their criminal operation,

The efficient sales model has remained confined to the underground since now, the access to the offer of cybercrime was possible only through selected channels, such black market forums, Deep Web sites or IRC communities. Remaining hidden the economy has grown “undisturbed” but it seems to be ready for a great step forward, the exploitation of new channels such as social networks that could give a devastating boost to the Fraud-as-a-Service model.

RSA researchers have published an interesting article on the topic evidencing how the criminal offer has gone on popular Social Network proposing a customized botnet panel for Zeus Trojan.

The malicious application appears to be developed by Indonesian-speaking development team that has improved previous version of the popular Zeus Trojan kit, confirming the propensity commercial the developer designed a demo website for would-be buyers public visible, but what is very surprising it that they have also created a dedicated Facebook page with frequent updates and information about botnets, exploits, cybercrime, and their own product (Zeus v 1.2.10.1) …. as saying:

Do you want to become a cybercriminal? Follow us and we’ll tell you how.

 Public offer of Zeus FaaS service - Botnet on Facebook

The fact that a group of cyber criminals develops its variant of Trojan or similar malware is not new, this is possible because the source code of principal cyber threat is easily available on the black market, Zeus code was leaked in mid-2011 and many versions have been detected by principal security firms, but seeing someone marketing a Zeus v1 kit is very singular.

A so explicit market campaign is something new, in my opinion a dangerous signal to worldwide security community, cybercrime doesn’t fear countermeasures and law enforcement operations probably because it is based in those countries where institutions are not efficient against criminals.

Global crisis and sensible increase of cyber crimes let security experts to believe that similar events will become more frequent, criminals are starting to publicly offer and acquire malicious codes and rent services for malicious campaign following the analysis proposed by RSA

“The cybercrime underground may have lost most of the access it had to the major commercial Trojans after Zeus, SpyEye, Ice IX and Citadel’s developers all decided to quit vending their malware freely, but it seems that FaaS is definitely keeping things alive in the crime world.”

The main problem today is difficult of a globally recognized law framework to address cyber criminal organizations, law enforcement urge the establishment of severe penalties and shared effort to fight a battle against an invisible enemy that hasn’t a specific geographical connotation.

Until cybercriminals will have the opportunity to hide themselves in a country whose government will not properly persecute them it’s impossible  to stop cybercriminal wave.

Stop cybercrime is a global urgency!

Pierluigi Paganini

(Security Affairs – Cybercrime)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Critical vulnerability in Viber exposes mobile user to serious risks

 Critical vulnerability in Viber allow bypass security mechanisms We have discussed in various occasions of security in mobile environments,...