G Data discovers potential successor to Zeus

Dangerous malware on the verge of widespread distribution

11/19/2010 | London 

Research by security experts at G Data has revealed that a new Trojan called Ares is likely to spread and propagate in the next few days. Ares shares similar design characteristics to the Zeus Trojan horse, which went on to infect millions of computers worldwide, chiefly its modular design. Its design means cybercriminals will be able to modify the malware at will. The wide range of uses to which Ares can be put means it represents an extremely high risk to the public and businesses. G Data anticipates recording a very high distribution rate for the malware.

Eddy Willems, G Data SecurityLabs comments: "Ares provides cybercriminals with a simple way of spreading malware via websites. As Ares has so many potential variants, it can be used for almost any attack on any target. We believe one of the eventual uses will be to spread Trojans aimed at online banking users. Internet users need to protect themselves by making sure they have anti-malware solutions in place that monitor all HTTP traffic and can block dangerous websites before they are called up on work and personal computers."

Underlining the commerciality of modern malware, a software development kit for the Trojan is available for free to ‘trustworthy developers’ on condition that a license fee is paid to Ares’ developer when modules are sold on to third parties. Other potential users can buy the development kit for up to US$6,000, although a ‘starter pack’ with reduced functionality can also be purchased for US$850. As is customary in the malware industry, payment is made via an anonymous online payment service - in this case WebMoney - so that neither the purchaser nor the vendor need reveal their true identity.

The developer of Ares even talked about the new malware in an underground forum. According to the author Ares is, “not focused on banking. Every copy of Ares is unique to its customer and it has the same banking capabilities as Zeus & SpyEye which can be added provided the customer wants it. I actually consider this more of a platform which is customized to each buyers liking.”


Security experts at G Data anticipate that after the ‘sales launch’ Ares will begin circulating in numerous forms. Despite the amount of information known about the impending malware launch it remains unclear who or what the Trojan horse’s specific targets are (if any), the mechanisms it will use and the cybercriminals behind it.

Champion Communications