Spy versus spy: Tracker for SpyEye control servers launched
Swiss anti-spam activist Roman Hüssy has launched the SpyEye Tracker service. It's designed to provide an overview of the SpyEye-based botnet control servers currently active around the globe. Hüssy already successfully operates the ZeuS Tracker service, which has tracked the ZeuS online-banking trojan, for quite some time.
Administrators can download a blacklist that Hüssy creates from the ZeuS Tracker results and use it to protect their own networks. A similar service has now become available for SpyEye. Like ZeuS, SpyEye is a trojan toolkit used by criminals to build their own botnets. Trend Micro has released pictures of the control server's user interface on its blog.
SpyEye has long tried to outmatch ZeuS in the digital underworld. It appears to have been unsuccessful so far: current tracker statistics suggest that there are 10 times as many control servers for ZeuS as there are for SpyEye. This could be about to change, as research by security specialist Brian Krebs suggests that the ZeuS developer, "Slavik", has passed on all his source code to the SpyEye developer, "Harderman", and that Slavik has withdrawn from the toolkit's ongoing development. The SpyEye developer said, however, that the ZeuS code was handed over on the condition that Harderman take over the support for paid toolkits.
Talking to Krebs, Hüssy was sceptical about SpyEye's ability to usurp ZeuS: "Why should they give up something which works and pay for a new tool?" asked Hüssy. Hüssy said that he created the SpyEye Tracker to put SpyEye into the spotlight before it becomes a "big" threat like ZeuS was in the past. Botnet specialist Damballa is currently registering Ukraine as the location with the largest amount of SpyEye activity.