Feeds

Upstart crimeware wages turf war on mighty Zeus bot

All your bots belong to us

Top 5 reasons to deploy VMware with Tegile

Purveyors of a new botnet toolkit are touting a feature aimed at aspiring cybercriminals: the opportunity to commandeer computers already compromised by an established crimeware package known as Zeus.

The SpyEye toolkit made its debut in December on Russian underground forums with a retail price of $500. It comes with usual configurable amenities such as a keylogger, credential stealers for credit cards, FTP and Pop3 email accounts, and a graphical control panel for managing large botnets.

But according to this brief analysis from security researchers at Symantec, it advertises a novel feature: a "Zeus killer" designed to disinfect computers already compromised by the 800-pound gorilla crimeware package.

"The new kill Zeus feature is optional during the trojan build process, but it supposedly goes as far as allowing you to delete Zeus from an infected system - meaning only SpyEye should remain running on the compromised system," the analysis states. "If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit."

This is by no means the first time competing crimeware gangs have taken potshots at each other. In 2007, the Srizbi botnet trojan was found to uninstall competing spam malware that was part of the notorious Storm Worm. Like rival street gangs fighting over drug turf, Beagle, Netsky and Mydoom crimeware kits have also engaged in protracted bot wars. Even rival phishing gangs seem to have adopted the practice.

The Zeus killer was spotted in version 1.0.7 of SpyEye. Symantec researchers have yet to assess whether it works as advertised. But they say it taps the same Windows dll file Zeus uses for communications, allowing rival criminals to tap into requests sent to the Zeus master control server.

Symantec says use of SpyEye remains minimal. If it takes off, rest assured Zeus developers will respond in kind. ®

Internet Security Threat Report 2014

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.