The Prolexic Security Engineering and Response Team (PLXSert) has released a threat advisory outlining new payloads from the Zeus toolkit that it has seen in the wild. In addition to the data theft and financial fraud Zeus is known for, PLXSert has discovered Zeus being used in crypto-currency mining, spam, distributed denial-of-service (DDoS) attacks, and attacks customized for specific PaaS and SaaS infrastructure.
According to the report, "Although Zeus/Gameover version reportedly introduced DDoS capabilities, PLXSert has no evidence that the Zeus framework kit can orchestrate significant DDoS campaigns by itself, but if combined with other DDoS toolkits, the capabilities of the Zeus framework would enable malicious actors to use it as a powerful DDoS botnet builder."
PLXSert has already seen Zeus being used in tandem with popular DDoS kits, including Drive, a variant of Dirt Jumper. The researchers have also seen attackers targeting cloud-based applications through PaaS and SaaS infrastructures. They say that "well-known SaaS/PaaS vendors" have been targeted, but they do not name those vendors.
"By targeting SaaS/PaaS," the report reads, "cybercriminals take advantage of the resources of both the end users and the providers. The providers' defense technologies allow the attackers the advantage of gaining anonymity behind the providers' cloud-based infrastructure."
See the full report here.