Zeus and SpyEye trojans merge

A recent merger of two major banking trojans has led to new concerns about the ability of banking malware.

 Along with the well known Zeus trojan, SpyEye was described by novirusthanks.org at the start of this year as "a new fresh and sophisticated web-based bot" that could be the possible successor to Zeus "due to its very interesting features, with the main objective to steal bank accounts, credit cards, ftp accounts and other sensitive data from the victim's computer".

Kapil Raina, senior product manager at IronKey, said that he believed that the cause of the merger was the Zeus writer retiring and he believed that SpyEye would become the dominant virus of the two.

He said: “The significance of this will mean more brains between the owners and less competition and that is a real problem. It does not need more mules and I believe that the sophistication will increase."

Paul Wood, senior analyst at Symantec Hosted Services, claimed that the Zeus toolkit fell into the public domain some time ago and this led to smaller but more dominant botnets "with the same intention in mind", rather than one big botnet.

Talking to SC Magazine, Ed Rowley, product manager of M86 Security, said: “Was this created from a merger or acquisition? It is interesting how it mirrors the business world with an OEM partnership agreement. Did the cyber criminals get rights to it or did they just steal it? There is a saying that there is no honour among thieves.”

David Jevans, CEO of IronKey, said: “The demand is there for this malware as the codes get more sophisticated. They are now working on getting malware and the trojan (SpyEye) is not as well seen as Zeus but anyone can change it. I am not sure what will happen. At the end of the day people do not want the code to die and will give it away.”

See original article on scmagazineus.com