February 10, 2010
A new crimeware toolkit is causing conversation among security researchers, who say it could have the chops to compete with the popular Zeus malware.
In a blog last week, researchers at Symantec called attention to a new toolkit called SpyEye V1.0, which began to appear in Russian underground forums in December. The Trojan created by the toolkit is detected as Trojan.Spyeye.
"Retailing at $500, it is looking to take a chunk of the Zeus crimeware toolkit market," Symantec researchers say. "Since it is relatively new, we are not seeing a lot of SpyEye activity yet. However, given some time and the observed rate of development for this crimeware toolkit, SpyEye could be a future contender for king of the crimeware toolkits."
SpyEye is similar to Zeus, which has been used to spread malware and create one of the Internet's largest botnets. "It contains a builder module for creating the Trojan bot executable with config file, and a Web control panel for command and control (C&C) of a botnet," the blog says.
New revisions of SpyEye are being released regularly, Symantec says. "The latest version (V1.0.7) contains an interesting new feature called 'Kill Zeus' that we have yet to substantiate," the blog says. "It supposedly goes as far as allowing you to delete Zeus from an infected system -- meaning only SpyEye should remain running on the compromised system.
"If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit," Symantec predicts. "This, in turn, could lead to another bot war."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
The Impact of XDR in the Modern SOC