It took just three days for a vulnerability in the Zeus botnet command and control software to be patched after it was disclosed in a security researcher's blog posting.
USA-based researcher and apparent Google security engineer Billy Rios published a detailed blog post on vulnerabilities he discovered in Zeus's command and control server.
Armed with details of the vulnerability, attackers could seize botnet command and control servers. Attackers could be criminals seeking to seize other organisations' botnets, or security researchers looking to disable botnet command and control servers.
Zeus is a malware package that targets Internet banking accounts and digital certificates. Sold on the underground, the Zeus botnet "kit" contains a user manual and all the software ingredients enterprising criminals need to get started building their botnets.
Some malware researchers say Zeus is currently the most common malware on the Internet.
Rios conducted a security audit on the command and control web application that "ships" with the Zeus kit, only to find vulnerabilities that could be used to compromise the C&C server.
His full disclosure of the bug led some to criticise Rios for helping criminals to better secure their malicious software.
A source tells Risky.Biz the "patch" was first discussed on Zeus-related IRC channels by Pierre Caron.
What do you think? Should Billy Rios have disclosed his findings?
To hear more about this story tune into tomorrow's edition of the Risky Business podcast.