Nov 25, 2010 16:57 GMT
ZeuS's architecture will be changed to work with plug-ins instead of modules

Security researchers from Trend Micro claim that SpyEye's development was placed on hold and that some of the trojan's features are being ported to the ZeuS crimeware.

This means that earlier suspicions that the two malware programs were going to be merged into one were likely true.

A month ago, we reported that signs from the underground community indicated that Slavik, aka Monstr, the author of the ZeuS crimeware toolkit, was leaving the malware development business.

They also suggested that his retirement plan involved leaving the ZeuS codebase to Gribodemon, aka Harderman, his biggest competitor and developer of the SpyEye trojan.

ZeuS (or Zbot) and SpyEye are both pieces of malware designed for fraud, which behave as botnet clients and are similar in functionality.

However, compared to ZeuS, which dates back several years, SpyEye is relatively new and was released at the beginning of 2010.

Trend Micro researchers note that, according to their recent research, SpyEye's development has stopped and Gribodemon's priority now is porting the plug-ins feature to ZeuS.

Current versions of ZeuS can be extended with modules, which need to be selected before a purchase is made. SpyEye's plug-ins, on the other hand, can be acquired and integrated at a later time.

This suggests that Gribodemon has opted to use ZeuS as the basis for future development, probably because of its wider array of features and larger client base, but would prefer to use the more flexible SpyEye monetization model.

As far as Slavik is concerned, the Trend researchers don't believe in his retirement. They think he moved on to create more targeted and customized malware for high-value clients.

If Trend's theory holds true, it will be interesting to see whether malware analysts will be able to spot his involvement in future samples, because they say each programmer has his own distinguishable coding style.