The programmer who wrote ZeuS -- malicious software used to steal an estimated $100 million so far this year from US towns, companies and individuals -- says he is retiring.
But security experts believe there is a good chance he will soon emerge with even more powerful ways to steal, a pattern of behavior seen after previous retirements in 2007 and 2008.
ZeuS' anonymous programmer, who lives in Russia and seems to like nice cars and powerful trucks, first introduced ZeuS in 2007 as spyware that would hide in users' computers and log keystrokes to steal passwords, said Don Jackson, director of threat intelligence at the security firm SecureWorks.
The programmer, rather than doing the stealing himself, used a middleman to sell the spyware to criminal gangs. A basic version would cost as little as $1,000 but could be customized for an extra fee. He would also offer 24/7 support.
Thieves who use ZeuS tend to avoid big companies and banks with top-line security, preferring instead smaller companies, townships and even churches. In a recent case, however, they breached and emptied brokerage accounts at E*Trade Financial Corp and TD Ameritrade Inc, according to a criminal complaint filed in New York last month.
"We have seen banks in almost every major country targeted by these (ZeuS) tool kits," said Dmitri Alperovitch, a vice president at security software company McAfee Inc.
But there has been pressure on the ZeuS gangs. About a month ago authorities in the United States, Britain and the Ukraine arrested dozens of people allegedly involved in a global cybercrime scheme that used a version of the ZeuS Trojan to steal $70 million from U.S. bank accounts, the FBI said.
Early this month the ZeuS author announced through his main reseller that he'd had enough, said SecureWorks' Jackson.
Jackson, a ZeuS expert, said that the Trojan program's author spread the word that he was handing his source code to the author of Spy Eye, an up-and-coming Trojan and a ZeuS competitor. In fact, when the Spy Eye Trojan infected a computer it would clear out ZeuS.
Jackson said he believed the retirement announcement was a ruse. "He probably has a private client set up. They had already made the decision to merge, or to pretend to merge with Spy Eye," he said.
What little is known about the ZeuS author has been gleaned from online chat rooms where he sometimes uses names based on expensive vehicles.
Some security experts believe there is a possibility the ZeuS programmer is really headed for retirement.
"One can only imagine that he's made enough money to take a vacation for a long period of time," said Elias Levy, senior technical director at Symantec Security Response.
He has probably made at least a million and perhaps multiple millions of dollars, said Bill Conner, president and chief executive of computer security firm Entrust.
Gangs who used ZeuS software stole $100 million in 2010 in the United States, said Jackson.