You are here: Home » Hi-tech Crime » Malware Turfwar – Russian Botnet Tries to Kill Rival

Malware Turfwar – Russian Botnet Tries to Kill Rival

by Dave on February 20, 2011

evil bot net fightingThis story reads like a hi-tech version of the 1920′s Chicago gangland turf wars.

Let’s start at the beginning. Trojans are malware (malicious software) written to infect computers and steal online banking credentials. Malware kits are now sold online to do-it-yourself cybercriminals. The advent of kits has drastically lowered the bar. No need for a high level of technical knowledge, the kits do the work.

The Zeus malware kit is the 800 pound gorilla. It’s been around a while, it’s frequently updated, and it’s compromised A LOT of computers. In early 2010 the Spy Eye kit appeared as an aggressive rival priced at about 1/5th the price of Zeus.

If Spy Eye lands on a computer infected with Zeus, it will automatically search for Zeus malware. If found Spy Eye will remove the Zeus malware, install itself, and hijack any stolen data. The author of Zeus, seeing a serious threat, added anti-piracy technology. Spy Eye quickly followed suit.

By late 2010 the rivalry died down and rumors began that Zeus and Spy Eye would merge. According to Brian Krebs, security researcher, the merger occurred in October of 2010. Other security researchers say the change was inevitable as authorities worldwide have been increasingly focusing on Zeus.

As a result of the merger, the new code will include the best parts of both Zeus and Spy Eye. Oh, and the price will probably double. Sounds like a traditional business merger, no?

In early Feb 2011, Krebs reports beta versions of the new super Trojan are becomming available.

Additional information:
Computerworld – http://bit.ly/boHapp
KrebsOnSecurity – http://bit.ly/9RKPXO
Merger? – PCWorld – http://bit.ly/eYk6kv
Merger – KrebsOnSecurity – http://bit.ly/9m3NXW
More on the Merger – KrebsOnSecurity – http://bit.ly/h2vHL7

Be Sociable, Share!

Comments on this entry are closed.

Previous post:

Next post: