New SpyEye Trojan Could Challenge Zeus

[A Guy]

New SpyEye Trojan Could Challenge Zeus, Researchers Say
Emerging Russian crimeware kit hasn't spread yet -- but it has potential

Feb 10, 2010 | 11:46 AM
By Tim Wilson
DarkReading


A new crimeware toolkit is causing conversation among security researchers, who say it could have the chops to compete with the popular Zeus malware.

In a blog last week, researchers at Symantec called attention to a new toolkit called SpyEye V1.0, which began to appear in Russian underground forums in December. The Trojan created by the toolkit is detected as Trojan.Spyeye.

"Retailing at $500, it is looking to take a chunk of the Zeus crimeware toolkit market," Symantec researchers say. "Since it is relatively new, we are not seeing a lot of SpyEye activity yet. However, given some time and the observed rate of development for this crimeware toolkit, SpyEye could be a future contender for king of the crimeware toolkits."

SpyEye is similar to Zeus, which has been used to spread malware and create one of the Internet's largest botnets. "It contains a builder module for creating the Trojan bot executable with config file, and a Web control panel for command and control (C&C) of a botnet," the blog says.

New revisions of SpyEye are being released regularly, Symantec says. "The latest version (V1.0.7) contains an interesting new feature called 'Kill Zeus' that we have yet to substantiate," the blog says. "It supposedly goes as far as allowing you to delete Zeus from an infected system -- meaning only SpyEye should remain running on the compromised system.

"If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit," Symantec predicts. "This, in turn, could lead to another bot war."

http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=222700744&cid=nl_DR_WEEKLY_2010-02-11_t

A Guy

[Raymond]

I was doing some readings in an underground forum and noticed that the trend today is about botnets. You can buy botnet software, buy a crypter, and finally pay people to spread it for you. With money, you can have control over thousands of computer and launch massive DDoS attack to bring down a website.

[safeguy]

With money, you can have control over thousands of computer and launch massive DDoS attack to bring down a website.

$$$$$$$ makes the world go round