Zeus FaaS Comes to a Social Network Near You

FaaS: Never a Dull Moment

The cybercriminal practice of operating Trojans and botnets has a long history on the Internet, an especially thriving one since the release of the first commercial banking Trojan, Zeus, in 2007.

Since then, the ever-evolving world of financial malware has seen many turns of the tide with new banking Trojans released, then disappear in dramatic underground events.

Through it all, the one constant has been cybercrime’s Fraud-as-a-Service offerings market, enabling the sale of Trojan bits and bites, or entire package deals, to those who could not afford a complete kit, or had no idea where to begin.

Typical Trojan FaaS deals offer a Trojan like Zeus, SpyEye, Ice IX, or even Citadel for a few hundred dollars instead of the full kit price going for a few thousands rather. FaaS deals sweeten the pot with bulletproof hosting at a discount, free set-up services, hands-on tutoring and malware-campaign help wrapped into affordable combos.

While it is beyond doubt a thriving economy, Fraud-as-a-Service mostly remained hidden in the deep enclaves of dark online markets, only advertised to those who were in the know, sought in the right place, or knew the right people. But that’s all a thing of the past, it seems. Social networks are such a great place for malware infections and phishing, why not just market the botnet directly from there?

Read the rest of this post here