Botnet turf war on the horizon
Posted on 10 February 2010.
It seems that one of the predictions for 2010 from Websense's report is likely to come true: bots will be able to detect and actively uninstall competitor bots.

SpyEye is the name of a new toolkit that emerged 2 months ago on Russian underground forums. Its current rate is around $500, and this new competition is probably not seen with a kind eye by other toolkit peddlers.

But what is sure is that it definitely isn't a welcome addition for the Zeus toolkit developers, since Symantec reports that it is set to delete the ever-present Zeus from infected systems.

So far, there isn't much SpyEye activity to be noticed. It has been present only for a couple of months, but has already gone through several versions, acquiring additional capabilities very fast.

And it's this last version that sports the Kill Zeus feature. So far, the features were very similar to that of Zeus - the Trojan was a keylogger, it had autofill credit card modules, made daily email backups, had an encrypted config file, was a ftp protocol grabber, a pop3 grabber, a http basic access authorization grabber, etc.

This capability still remains to be confirmed by security researchers, but if it's true, I can't imagine Zeus creators being very happy. So far, there hasn't been any hint of retaliation, but you may be sure there will be some if SpyEye starts seriously gaining ground. Are we going to witness a new bot war? Time will tell.


Analytics services are tracking users via Chrome extensions

It's quite possible that, despite your belief that the Google Chrome is the safest browser there is and your use of extensions that prevent tracking, your online movements are still being tracked.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Nov 24th