Security researcher reports SpyEye and ZeuS gangs have merged

According to Krebs, the move seeks to build a better online banking threat whose sale is restricted to a more exclusive and well-heeled breed of cybercrminals.

"Underground forums are abuzz with rumors that the ZeuS author – a Russian hacker variously known by the monikers Slavi and Monstr – is no longer planning to maintain the original commercial crimeware kit", said Krebs in his security blog.

"According to numerous hacker forums, the source code for ZeuS recently was transferred to the developer of the SpyEye Trojan, a rival malware maker who drew attention to himself by dubbing his creation the ZeuS killer", he added.

As previously reported by Infosecurity, whilst the media has focused on ZeuS since earlier this year, the trojan has been floating around in the wild since the summer of 2007.

Security experts at RSA Europe last week told Infosecurity that some criminal coders have been reworking elements of the Zeus programme code to allow the malware to cope with some of the latest security features of online banking services.

Krebs says that, whilst Zeus' author licensed his malware to private groups via multiple intermediaries, the programmer behind SpyEye – Harderman –  "has peddled his kit directly to buyers via online forums and instant messages."

"But very recently – the public rivalry died down, and forum members on different sites where Harderman maintained a presence began complaining that they could no longer reach him for support issues", says Krebs.

The security researcher adds that SpyEye's author says that existing ZeuS clients will receive a 30% discount on SpyEye, and that the two malware families will soon be merged into one powerful trojan.

So what is happening?

Krebs asserts that even criminal economies have market corrections and that the assimilation of ZeuS coincides with a massive international law enforcement push to arrest a number of ZeuS-using gangs.

The most interesting aspect of this effective merger between the two trojans, Infosecurity notes, is that Krebs cites postings that the crimeware cost of SpyEye may double.

"In exchange, the malware developer says he will overhaul the kit to include the best of both ZeuS and SpyEye. Specifically, Harderman says he wants to turn the guts of the trojan into a rootkit, and to build additional functionality on top, in the form of modular plugins", he says.

What’s Hot on Infosecurity Magazine?