Jan 14, 2011 13:52 GMT

Security researchers from McAfee warn that the first crimware toolkit to result from the ZeuS-SpyEye merger is now available for purchase on the underground market.

Earlier this year the security community was surprised to learn of rumors that ZeuS and SpyEye, two rival threats in the cybercriminal world, would be joined together under a single developer.

This unexpected turn of events was supposedly the result of the ZeuS author's intention to retire from the malware writing scene after a hugely successful run.

The likely reason was the heat ZeuS started getting last year. Members of cyberfraud gangs using the trojan began to be arrested in Ukraine and Russia, showing an unprecedented willingness of authorities in those countries to work with their counterparts in the West.

Under these circumstances, Slavik, ZeuS' creator, decided to leave the source code to harderman, the developer of SpyEye, on the condition that he offer support to existing clients.

The rumors also claimed that harderman planned to select the best features from both toolkits and combine them to create a new and better trojan.

According to McAfee, on January 11 he released a new "SpyEye / ZS Builder," which is a SpyEye version enhanced with some of ZeuS' functionality.

New features include brute force password guessing, Jabber notification, VNC module, auto-spreading, auto-update, unique stub generation and an enhanced screenshot system.

The builder is much cheaper than ZeuS used to be. The basic version, without VNC (remote desktop) and the ability to inject code into Firefox pages, costs $300, while the price for the full version is $800.

"Both Zeus and SpyEye were prevalent and dangerous malware separately, the combination of their functionality certainly takes this threat to a new level," writes McAfee threat researcher Francois Paget.

Images: New SpyEye version contains ZeuS features; New SpyEye / ZS builder