The “Kill ZeuS” feature of the SpyEye crimeware toolkit is more likely to bring in more money to the ZeuS toolkit makers than to encroach upon their territory. How is that, you might ask. Well, it turns out that the feature is successful only in a small percentage of cases.
According to Symantec‘s analysis, the Trojan variants that were successfully removed seem to be only those that were created by one of the earlier versions of the toolkit – one that is now available for free.
“The SpyEye creator most likely got a hold of a copy of this Zeus builder and based his detection and remediation on backwards-engineering the samples it created,” they say. “If anything, this Kill Zeus feature might actually convince Zeus builder users to upgrade to a paid version.”
Since both toolkits are getting upgraded regularly, it will be interesting to see if the SpyEye author(s) will up the ante and continue to improve the feature, or decide it is not worth it and drop it all together. The feature was a good gimmick that made the toolkit more prominent than it otherwise would have been, but the failure to deliver on a promise might be a deal-breaker for many.