Feeds

Upstart crimeware wages turf war on mighty Zeus bot

All your bots belong to us

5 things you didn’t know about cloud backup

Purveyors of a new botnet toolkit are touting a feature aimed at aspiring cybercriminals: the opportunity to commandeer computers already compromised by an established crimeware package known as Zeus.

The SpyEye toolkit made its debut in December on Russian underground forums with a retail price of $500. It comes with usual configurable amenities such as a keylogger, credential stealers for credit cards, FTP and Pop3 email accounts, and a graphical control panel for managing large botnets.

But according to this brief analysis from security researchers at Symantec, it advertises a novel feature: a "Zeus killer" designed to disinfect computers already compromised by the 800-pound gorilla crimeware package.

"The new kill Zeus feature is optional during the trojan build process, but it supposedly goes as far as allowing you to delete Zeus from an infected system - meaning only SpyEye should remain running on the compromised system," the analysis states. "If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit."

This is by no means the first time competing crimeware gangs have taken potshots at each other. In 2007, the Srizbi botnet trojan was found to uninstall competing spam malware that was part of the notorious Storm Worm. Like rival street gangs fighting over drug turf, Beagle, Netsky and Mydoom crimeware kits have also engaged in protracted bot wars. Even rival phishing gangs seem to have adopted the practice.

The Zeus killer was spotted in version 1.0.7 of SpyEye. Symantec researchers have yet to assess whether it works as advertised. But they say it taps the same Windows dll file Zeus uses for communications, allowing rival criminals to tap into requests sent to the Zeus master control server.

Symantec says use of SpyEye remains minimal. If it takes off, rest assured Zeus developers will respond in kind. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.