Light Dark
July 7, 2015 By Shane Schick 2 min read

Normally, it’s the initial release of malware that has security experts worried, but the free availability of tools to make the ZeusVM banking Trojan could send some firms into a panic.

Source code for the builder of ZeusVM — also known as KINS — as well as its control panel has been online since last month, according to MalwareMustDie!, a blog run by a security research organization of the same name. The binary generated by the builder that was leaked on the Internet is a newer version of the botnet-making tool.

As Computerworld pointed out, anything that helps cybercriminals make their own variant on the ZeusVM malware is a major concern, given its track record of stealing online financial credentials and other sensitive information. Provided they know how to alter the connectivity features of the Trojan’s command-and-control (C&C) server settings or browser URL settings, cybercriminals could create a powerful new weapon.

It’s possible law enforcement authorities or other officials could take down the leaked files, but as The Register suggested, it may already be too late to avoid what it described as a possible “bot-geddon,” or a huge wave of malware based on ZeusVM. Increased awareness among CISOs and their teams may be the only course of action, encouraging banks and other enterprises to be particularly vigilant in their monitoring for new attacks.

Already, at least six new botnets based on ZeusVM have been identified since the leak, SC Magazine reported, and version 3.0 of the malware is reasonably affordable for criminal collectives at a price point of $5,000 on the black market. Before the summer is over, it’s reasonable to expect the number of related threats could increase sharply, given that cybercriminals will probably take note of the news, as well.

Beyond looking over their shoulder, IT departments and security experts may want to study the ZeusVM data leak to see if they could use the information to build their own protection mechanisms. Videos embedded in a Softpedia post showed details on how malware would be hidden inside an encrypted JPEG file as well as an overview for building KINS botnets. It could be a race between malicious attackers and CISOs to see who makes the best use of this information first.

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature