Emerging Russian crimeware kit hasn't spread yet -- but it has potential

Dark Reading Staff, Dark Reading

February 10, 2010

1 Min Read

A new crimeware toolkit is causing conversation among security researchers, who say it could have the chops to compete with the popular Zeus malware.

In a blog last week, researchers at Symantec called attention to a new toolkit called SpyEye V1.0, which began to appear in Russian underground forums in December. The Trojan created by the toolkit is detected as Trojan.Spyeye.

"Retailing at $500, it is looking to take a chunk of the Zeus crimeware toolkit market," Symantec researchers say. "Since it is relatively new, we are not seeing a lot of SpyEye activity yet. However, given some time and the observed rate of development for this crimeware toolkit, SpyEye could be a future contender for king of the crimeware toolkits."

SpyEye is similar to Zeus, which has been used to spread malware and create one of the Internet's largest botnets. "It contains a builder module for creating the Trojan bot executable with config file, and a Web control panel for command and control (C&C) of a botnet," the blog says.

New revisions of SpyEye are being released regularly, Symantec says. "The latest version (V1.0.7) contains an interesting new feature called 'Kill Zeus' that we have yet to substantiate," the blog says. "It supposedly goes as far as allowing you to delete Zeus from an infected system -- meaning only SpyEye should remain running on the compromised system.

"If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit," Symantec predicts. "This, in turn, could lead to another bot war."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights