New SpyEye Trojan Could Challenge Zeus, Researchers Say

Emerging Russian crimeware kit hasn't spread yet -- but it has potential

A new crimeware toolkit is causing conversation among security researchers, who say it could have the chops to compete with the popular Zeus malware.

In a blog post last week, researchers at Symantec called attention to a new toolkit called SpyEye V1.0, which began to appear in Russian underground forums in December. The Trojan created by the toolkit is detected as Trojan.Spyeye.

"Retailing at $500, it is looking to take a chunk of the Zeus crimeware toolkit market," Symantec researchers say. "Since it is relatively new, we are not seeing a lot of SpyEye activity yet. However, given some time and the observed rate of development for this crimeware toolkit, SpyEye could be a future contender for king of the crimeware toolkits."

SpyEye is similar to Zeus, which has been used to spread malware and create one of the Internet's largest botnets. "It contains a builder module for creating the Trojan bot executable with config file, and a Web control panel for command and control (C&C) of a botnet," the blog says.

New revisions of SpyEye are being released regularly, Symantec says. "The latest version (V1.0.7) contains an interesting new feature called 'Kill Zeus' that we have yet to substantiate," the blog says. "It supposedly goes as far as allowing you to delete Zeus from an infected system -- meaning only SpyEye should remain running on the compromised system.

"If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit," Symantec predicts. "This, in turn, could lead to another bot war."
