New Version of Zeus Well Armed

The Register reports that the latest version of the Zeus do-it-yourself crimeware kit goes to great lengths to defeat malware pirates, who would rather not pay for the program, by introducing a hardware-based product activation mechanism similar to Microsoft’s own.   The new feature ensures that a licensed version of the program is tied directly to a specific computer system.  Hardware-based licensing isn’t the only idea that the Zeus creators have taken from Microsoft’s playbook.   They’ve also pushed out multiple versions of the package that vary in price depending on the capabilities being offered.   Just as Windows users can choose between the lower-priced Windows 7 Starter or the more costly Windows 7 Business, bot masters have multiple options for Zeus.  With bare-bones capabilities a copy starts at $4,000, and additional feature modules can fetch as much as $10,000 each.

Some of the new features available as modules include a module that will allow receiving of stolen data in real time using the Jabber instant messaging client, a module that grabs data from fields typed into Firefox, and a VNC remote control module that allows users to establish a direct connection to an infected computer.  The VNC functionality allows criminals to bypass some of the most advanced security measures that are commonly used to authenticate victims to a bank or other financial institution.

The next version, 1.4, is already being beta tested.  It offers polymorphic encryption that allows the trojan to re-encrypt itself each time it infects a victim, giving each one a unique digital fingerprint.  This will make anti-virus detection even harder.

Register Article

This article talks about the difficulty of containing Zeus Command & Control servers.  Related Article