A security researcher has detailed a novel approach to tech support that uses a modified version of the infamous Zeus malware.
The Windows malware and its Android derivative were hugely popular in cyber criminal circles and best known for their man-in-the-middle keystroke logging and form grabbing.
The malware has infected untold scores of computers, causing massive financial losses.
But its many features have now been re-appropriated for good. David Schwartzberg (@DSchwartzberg) began building a modified version of the malware for tech support after undergoing an arduous computer repair task with family.
"Just because you have a knack for technology, people you know seem to think that you enjoy fixing all their problems, most self-inflicted," said Schwartzberg, a Barracuda Networks senior security engineer.
"[Zeus] is really known for its ability to scrape a webpage and take that information to store in a database and break into your bank account, but there are many other cool things you can do in the context of tech support.
"Ever had a family member describe a problem and you wish you could see it and you could fix it in 10 seconds? Well, with Zeus you can get a screenshot of what they are looking at over the internet."
Lost passwords, usernames and Facebook credentials could all be efficiently hoovered up by Zeus installations and made remotely accessible for tech support, he said.
Schwartzberg modified the malware to run on Kali Linux and to access mobile devices via the Zeus-in-the-mobile variant of the malware.
He warned that while the malware was effective, it could at times be flaky and said interested tech support boffins should be cautious when deploying the malware.
The engineer plans to continue developing the tool and to develop a platform to scrub out malicious Zeus infections.