27 October 2010, 08:54

Spy swallows spy

Botnet Teaser At the beginning of the year, the presumably Russian developer of the ZeuS Trojan toolkit (aka ZBot) and SpyEye seemed to be rivals, but now one has apparently taken over the other. According to research conducted by security specialist Brian Krebs, ZeuS developer "Slavik" has handed over all of his source code to SpyEye developer "Harderman" and withdrawn from further development.

He is apparently no longer reachable for support questions from ZeuS buyers. According to the SpyEye developer, the ZeuS code was handed over under the stipulation that Harderman would continue to provide support for paying customers.

No specific reasons have been given for the ZeuS developer's withdrawal, but rumour is that he has completely disappeared from the Internet. Things may have been getting too hot for him; because of the success of ZeuS, investigators were hot on his trail. Among other things, ZeuS is partly responsible for the rising damage figures for online banking. Recently, Microsoft included ZeuS signatures in its Malicious Software Removal Tool.

It remains to be seen whether ZeuS code will be included in further developments of SpyEye. Up to now, the developer of SpyEye has sold his product as a ZeuS killer, that not only offers better functions, but is also able to delete ZeuS on already infected PCs.

At the same time, another botnet has apparently bitten the dust. Dutch investigators say they have brought down the Bredolab botnet by taking 143 command & control servers off the net. An estimated 30 million Windows PCs worldwide were infected with the Bredolab trojan.

The Dutch High Tech Crime Team says that the botnet could infect three million new PCs a month through infected emails. The authorities apparently plan to use the botnet's structure to inform users that their PCs are infected. The next time they log in, users are to receive a message containing information about the degree of their infection and tips on disinfection.

See also: