Feeds

Upstart crimeware wages turf war on mighty Zeus bot

All your bots belong to us

5 things you didn’t know about cloud backup

Purveyors of a new botnet toolkit are touting a feature aimed at aspiring cybercriminals: the opportunity to commandeer computers already compromised by an established crimeware package known as Zeus.

The SpyEye toolkit made its debut in December on Russian underground forums with a retail price of $500. It comes with usual configurable amenities such as a keylogger, credential stealers for credit cards, FTP and Pop3 email accounts, and a graphical control panel for managing large botnets.

But according to this brief analysis from security researchers at Symantec, it advertises a novel feature: a "Zeus killer" designed to disinfect computers already compromised by the 800-pound gorilla crimeware package.

"The new kill Zeus feature is optional during the trojan build process, but it supposedly goes as far as allowing you to delete Zeus from an infected system - meaning only SpyEye should remain running on the compromised system," the analysis states. "If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit."

This is by no means the first time competing crimeware gangs have taken potshots at each other. In 2007, the Srizbi botnet trojan was found to uninstall competing spam malware that was part of the notorious Storm Worm. Like rival street gangs fighting over drug turf, Beagle, Netsky and Mydoom crimeware kits have also engaged in protracted bot wars. Even rival phishing gangs seem to have adopted the practice.

The Zeus killer was spotted in version 1.0.7 of SpyEye. Symantec researchers have yet to assess whether it works as advertised. But they say it taps the same Windows dll file Zeus uses for communications, allowing rival criminals to tap into requests sent to the Zeus master control server.

Symantec says use of SpyEye remains minimal. If it takes off, rest assured Zeus developers will respond in kind. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.