It seems that one of the predictions for 2010 from Websense’s report is likely to come true: bots will be able to detect and actively uninstall competitor bots.
SpyEye is the name of a new toolkit that emerged 2 months ago on Russian underground forums. Its current rate is around $500, and this new competition is probably not seen with a kind eye by other toolkit peddlers.
But what is sure is that it definitely isn’t a welcome addition for the Zeus toolkit developers, since Symantec reports that it is set to delete the ever-present Zeus from infected systems.
So far, there isn’t much SpyEye activity to be noticed. It has been present only for a couple of months, but has already gone through several versions, acquiring additional capabilities very fast.
And it’s this last version that sports the Kill Zeus feature. So far, the features were very similar to that of Zeus – the Trojan was a keylogger, it had autofill credit card modules, made daily email backups, had an encrypted config file, was a ftp protocol grabber, a pop3 grabber, a http basic access authorization grabber, etc.
This capability still remains to be confirmed by security researchers, but if it’s true, I can’t imagine Zeus creators being very happy. So far, there hasn’t been any hint of retaliation, but you may be sure there will be some if SpyEye starts seriously gaining ground. Are we going to witness a new bot war? Time will tell.