Related Links

  • Krebs on Security
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


SpyEye and Zeus cybercriminals DDoS blast web security services

10 March 2011

It looks like the battle between the cybercriminals behind the recently twinned SpyEye plus Zeus malwares and the IT security industry is being won by the good guys/girls, as the developers behind the two trojan/botnet darkware applications are reportedly very frustrated with the success of ZeusTracker and SpyEyeTracker.

Security researcher Brian Krebs reports that Roman Hüssy's two sites - ZeusTracker and SpyEyeTracker - are having some success in assisting ISPs and companies to block infected machines from communicating with the Command & Control servers that control the botnet swarms.

Hüssy's sites, says the former Washington Post reporter, have been hit with countless distributed denial-of-service (DDoS) attacks from botmasters, apparently retaliating for having their network infrastructure listed by these services.

"At one point, someone wrote a fake suicide in Hüssy's name and distributed it to his family and friends, prompting local police to rouse him from slumber to investigate his well-being. But, those attacks haven't deterred Hüssy or sidelined his services", he notes.

And now, says Krebs, the attackers are beginning to consider stealthier and more diabolical ways to strike back.

"A series of discussions on an uber-exclusive Russian language forum that caters to identity and credit card thieves reveal that botmasters are becoming impatient in their search for a solution that puts Hüssy and/or his tracking services out of commission once and for all", he said in his latest security blog.

Krebs says that he caught up with Hüssy via instant message earlier this week and asked whether he'd seen any SpyEye or ZeuS configuration files seeded with legitimate sites. "He just laughed."

"ZeusTracker checks if a command and control server is really up before adding it to the blocklist," he told the security researcher. "These guys have no clue how ZeusTracker works."

Krebs quotes one potentially cybercriminal poster on the Russian security forum as "wryly noting that having ZeusTracker and SpyEyeTracker around isn't all bad, because it tends to do a good job of killing off botnets run by novice hackers who don't know to watch out for the services."

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×