Did Zeus-SpyEye Exploit Toolkit Hit the Black Market?

Tuesday, January 18, 2011



Security researchers warned of the pending merger of the Zeus and Spyeye tools last fall, and it looks as if the first toolkit combining the exploits may have arrived on the black market.

In an article on the McAfee Labs blog, Senior Threat Researcher Francois Paget says that with the release of the toolkit we can expect to see more sophisticated bots in the wild soon.

"Both Zeus and SpyEye were prevalent and dangerous malware separately; the combination of their functionality takes this threat to a new level," Paget writes.

The new release is said to have certain functionality upgrades including an auto-spreading feature, cookies and session cleaning, Zeus killing, and a brute force password breaker.

Paget writes that he has only seen the combined tool offered in two crimeware forums, and that McAfee does not yet have a sample of the source code to analyze.

Paget also expressed some skepticism about the tool's authenticity, noting that the sales price was well below what was expected, and he leaves open the possibility that the item for sale could be part of a scam meant to capitalize on eager hackers.

"...the price strikes me as rather low (only US$800). In November 2010, I came across a discussion between the SpyEye maker and a possible buyer. The developer said the next combined version should be “private” (not released in an open forum) and with a price near US$4,000. Could this announcement be a scam? Of course, only when we discover a sample of this malware will we know for certain that it is now in the wild."

Source: http://blogs.mcafee.com/mcafee-labs/the-first-combined-zeusspyeye-toolkit

Possibly Related Articles:
Viruses & Malware
Hacking McAfee Crimeware Zeus Exploits Headlines SpyEye toolkit
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.