September 23, 2009, 9:57 AM — What’s the best-selling Trojan kit on the black market today? Zeus. But just because it’s the best selling doesn’t mean it’s the best.
According to a blog post on RSA’s Web site, Zeus has become the popular choice among cybercriminals because it’s easy to set up and control, and can be used for a variety of purposes. And, like popular commercial software, Zeus comes in a standard version (costing a minimum of $1000) and a professional version with extra features such as a large library of target templates.
But, also like popular commercial software, Zeus has some serious drawbacks.
The Trojan deposits all the input it records from an unsuspecting user’s PC to a `drop zone’ site, according to the blog, where the information is indexed so it’s easier to sell to a buyer looking to commit identity fraud or some other cybercrime. But the criminal depositing the data in the drop zone must wait until a buyer comes along to cash out on the stolen goods, and that can take time. In the underworld of cybercrime, time is of the essence.
And so Zeus is adapting.
RSA has observed lately that several variants of Zeus are connected to Jabber, an open-source instant messaging application. Zeus users download the Jabber server to a host they control and use it to find buyers of stolen data in real time.
RSA says this real-time communications enhancement to Zeus means the time period between when data is stolen and the stealer cashes out will winnow to less than an hour.
Do you tweet? Follow me on Twitter here.
