Security researchers warned of the pending merger of the Zeus and Spyeye tools last fall, and it looks as if the first toolkit combining the exploits may have arrived on the black market.
In an article on the McAfee Labs blog, Senior Threat Researcher Francois Paget says that with the release of the toolkit we can expect to see more sophisticated bots in the wild soon.
"Both Zeus and SpyEye were prevalent and dangerous malware separately; the combination of their functionality takes this threat to a new level," Paget writes.
The new release is said to have certain functionality upgrades including an auto-spreading feature, cookies and session cleaning, Zeus killing, and a brute force password breaker.
Paget writes that he has only seen the combined tool offered in two crimeware forums, and that McAfee does not yet have a sample of the source code to analyze.
Paget also expressed some skepticism about the tool's authenticity, noting that the sales price was well below what was expected, and he leaves open the possibility that the item for sale could be part of a scam meant to capitalize on eager hackers.
"...the price strikes me as rather low (only US$800). In November 2010, I came across a discussion between the SpyEye maker and a possible buyer. The developer said the next combined version should be “private” (not released in an open forum) and with a price near US$4,000. Could this announcement be a scam? Of course, only when we discover a sample of this malware will we know for certain that it is now in the wild."