SpyEye botnet toolkit to become new Zeus

The Zeus crimeware author(s) appear to be in ‘panic’ mode. The recent Zeus arrests appear to have unsettled the criminals and they appear to have reacted by selling the source code to the SpyEye author(s). Zeus is the banks’ worst nightmare – it is the most prevalent banking Trojan currently in cyberspace, so personally I don’t think this banking Trojan will ever go away. It will no doubt evolve into another more dangerous Trojan – possibly SpyEye.

SpyEye will in time become the core Trojan, but Zeus will still remain an important toolkit for the cyber criminals. I was at a Virus Bulletin Seminar in London last week and most, if not all, of the security experts agreed with me on these points. Zeus will definitely remain the premium toolkit for the crimeware developers – a quick glance at the Zeus Tracker website and you can see that there are about 200 active Zeus Command & Control Servers (C&Cs) across the globe right now. Further proof it is still the undisputed king of the botnets.

For the technical people among us, the SpyEye toolkit includes: form grabbing, credit card autofill, POP3 grabbing, exe. string sources encryption, FTP grabbing and a PHP MySQL admin panel. These will no doubt evolve over time and additional components will be added. SpyEye also has a “defense mode” to stop Zeus from attacking the toolkit. The “defense mode” has a “Zeus Killer” component which can stop the Zeus Bot from taking over the SpyEye engine. Security experts believe Zeus has been reverse-engineered into SpyEye using the samples that were created by the Zeus toolkit – it is worth noting here that the Zeus Killer mode only appears to work with the ‘free’ Zeus builder and not the “paid” version. They really do think about business models in the cyber crime world.

Hopefully you can now see that these botnets are very dangerous – the banks take the Zeus botnet threat very seriously, so it’s important that PC and Mac users be vigilant at all times. One last point – maybe we can chuckle at this – the crimeware writers even have to consider being attacked by other malware/Trojan authors – hence the “Zeus Killer”. Who said “there is no honor among thieves”?

Safe surfing folks!

