Security researcher reports SpyEye and ZeuS gangs have merged

25 October 2010

Unconfirmed reports that the hacker coding gang behind the ZeuS trojan are now working with their SpyEye counterparts gained credence last night when security researcher Brian Krebs reported on the move.

According to Krebs, the move seeks to build a better online banking threat whose sale is restricted to a more exclusive and well-heeled breed of cybercriminals.

"Underground forums are abuzz with rumors that the ZeuS author – a Russian hacker variously known by the monikers Slavi and Monstr – is no longer planning to maintain the original commercial crimeware kit", said Krebs in his security blog.

"According to numerous hacker forums, the source code for ZeuS recently was transferred to the developer of the SpyEye Trojan, a rival malware maker who drew attention to himself by dubbing his creation the ZeuS killer", he added.

As previously reported by Infosecurity, whilst the media has focused on ZeuS since earlier this year, the trojan has been floating around in the wild since the summer of 2007.

Security experts at RSA Europe last week told Infosecurity that some criminal coders have been reworking elements of the ZeuS program code to allow the malware to cope with some of the latest security features of online banking services.

Krebs says that, whilst ZeuS' author licensed his malware to private groups via multiple intermediaries, the programmer behind SpyEye – Harderman – "has peddled his kit directly to buyers via online forums and instant messages."

"But very recently – the public rivalry died down, and forum members on different sites where Harderman maintained a presence began complaining that they could no longer reach him for support issues", says Krebs.

The security researcher adds that SpyEye's author says that existing ZeuS clients will receive a 30% discount on SpyEye, and that the two malware families will soon be merged into one powerful trojan.

So what is happening?

Krebs asserts that even criminal economies have market corrections and that the assimilation of ZeuS coincides with a massive international law enforcement push to arrest a number of ZeuS-using gangs.

The most interesting aspect of this effective merger between the two trojans, Infosecurity notes, is that Krebs cites postings that the crimeware cost of SpyEye may double.

"In exchange, the malware developer says he will overhaul the kit to include the best of both ZeuS and SpyEye. Specifically, Harderman says he wants to turn the guts of the trojan into a rootkit, and to build additional functionality on top, in the form of modular plugins", he says.
