By Hon Lau
Since as far back as I can remember, there has always been talk of rivalry and wars between various malware creators. The testosterone-fuelled battles may have even been encouraged by the media running stories of how such and such botnet “has X million nodes”, egging the botnet herders to try and outwit and outgrow each other in a competition to grab market share.
Take for example the Zeus botnet (Trojan.Zbot). This has been around for some time and has now developed into a mature piece of malware that is widely sold and used by wannabe eCriminals to steal information from hapless victims throughout the Internet. The ease of use afforded by the Zeus Trojan builder has helped it achieve its notorious status as one of the most widely seen bots in the world. As with the gold rush in the previous centuries, some people learned that it was easier and more profitable to supply the tools to the people who do the digging than to do the digging themselves.
Of course, some would-be eCriminals were not slow to catch on to the idea of providing Trojan creation kits as a business model. While the Zeus bot was by no means the first bot, its success has no doubt served as a model that has inspired a rash of copycat offerings. One such offering, named Trojan.Spyeye, was recently reported by my colleague Peter Coogan in his excellent blog. One of the features available in Spyeye was “Kill Zeus”, a feature blatantly designed to try and commandeer existing Zeus bots from their current owners, which could potentially start a bot war between the makers.
With all that said, it is still very early days for Spyeye; after about two months in circulation, the level of activity is still very low. Compare and contrast the activity of Spyeye versus Zbot in the chart below:

I had to make the scale a logarithmic one, otherwise Spyeye doesn’t even register on the same chart. Based on this data you can draw your own conclusions: Spyeye has a very long road to travel before it can even hope to usurp Zeus as the king of the bots, and we’ll do our utmost at Symantec to make that road as bumpy as possible.