G Data discovers potential successor to Zeus
Dangerous malware on the verge of widespread distribution
Eddy Willems, G Data SecurityLabs comments: "Ares provides cybercriminals with a simple way of spreading malware via websites. As Ares has so many potential variants, it can be used for almost any attack on any target. We believe one of the eventual uses will be to spread Trojans aimed at online banking users. Internet users need to protect themselves by making sure they have anti-malware solutions in place that monitor all HTTP traffic and can block dangerous websites before they are called up on work and personal computers."
Underlining the commerciality of modern malware, a software development kit for the Trojan is available for free to ‘trustworthy developers’ on condition that a license fee is paid to Ares’ developer when modules are sold on to third parties. Other potential users can buy the development kit for up to US$6,000, although a ‘starter pack’ with reduced functionality can also be purchased for US$850. As is customary in the malware industry, payment is made via an anonymous online payment service - in this case WebMoney - so that neither the purchaser nor the vendor need reveal their true identity.
The developer of Ares even talked about the new malware in an underground forum. According to the author Ares is, “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyers liking.”
Security experts at G Data anticipate that after the ‘sales launch’ Ares will begin circulating in numerous forms. Despite the amount of information known about the impending malware launch it remains unclear who or what the Trojan horse’s specific targets are (if any), the mechanisms it will use and the cybercriminals behind it.