It is now more than one and a half years since I published ZeuS Tracker.
During the last few weeks SpyEye (a Crimeware kit like ZeuS) has received a lot of media attention. In October 2010 it came out that ZeuS is merging with SpyEye. There has been a lot of speculation on this topic, and it looks like after the recent ZeuS arrests (see link one / link two) it got too hot for the author of the ZeuS Crimeware, so he decided to stop developing and selling the ZeuS Crimeware Kit. Additionally, the ZeuS author has passed the source code of the ZeuS Trojan over to the SpyEye author.
So what does that mean for the Security Community? Personally I think there are two scenarios:
- SpyEye will become the new super banking trojan
- Even if ZeuS is dead it will stay as a rival of SpyEye and the cybercriminals won’t stop using it as long as ZeuS works well
From what I’ve seen and heard during the past days, I think ZeuS will most likely stay at the top of the most used Crimeware kits as well as remain a rival of SpyEye. But that doesn’t matter anyway: to stay on the safe side I’ve decided to make an effort so that SpyEye will not become the next ‘ZeuS’ Trojan. My goal is to put SpyEye into the spotlight before it becomes a ‘big’ threat like ZeuS was in the past (at its peak, ZeuS Tracker tracked over 200 active ZeuS C&Cs). To reach this goal I’ve developed another tracking system for ISPs, CERTs and law enforcement. Introducing: SpyEye Tracker.
*** Some words about SpyEye Tracker ***
There isn’t a really big difference between SpyEye Tracker and ZeuS Tracker. As a side note please let me mention that not all features which are available on ZeuS Tracker are yet implemented on SpyEye Tracker at this time. I will try to fix the missing features during the next few weeks.
What is new on SpyEye Tracker is the news section, where I plan to publish a new post whenever I make a change to SpyEye Tracker.
If you have any questions, please don’t hesitate to drop me a line using the contact form.
You can also follow abuse.ch on Twitter: twitter.com/abuse_ch
*** Further links ***
- abuse.ch: SpyEye Tracker
- Symantec: SpyEye Bot versus Zeus Bot
- KrebsonSecurity: SpyEye v. ZeuS Rivalry Ends in Quiet Merger
- FBI: Over 60 people charged in ZeuS Trojan cybercrime
- Financial Times: Zeus cyber gang brought in $40m
- Prevx Blog: SpyEye steals your data. Even in a limited account
- TrendMicro Blog: The SpyEye Interface, Part 1: CN 1
- TrendMicro Blog: The SpyEye Interface Part 2: SYN 1
- SANS Whitepaper: Clash of the Titans: ZeuS v SpyEye
- Damballa Blog: Spy vs SpyEye Part 2: Traffic, Targets and Taxonomy