Zeus (Zbot) Targeted by Rival Russian Spy Eye Botnet

The popular Zeus Trojan or Zeus Botnet, which has targeted online financial institutions in the past, has a new rival called Spy Eye toolkit which is aimed at overthrowing it.

Spy Eye is an evolved parasite in that is designed to give criminals an easy way to set up their own botnet similar to that of Zeus (Zbot). A botnet created with the Spy Eye toolkit can be used to compromise a group of systems, or botnets, that are programmed to infect users with password-stealing malware. In the past, Zeus has been very destructive in causing losses of over $100 million just last year with its ability to bypass anti-virus applications.

Spy Eye, similar to Zeus, is also a parasite designed to target financial institutions by stealing online banking credentials. Banking information is then used to transfer funds from banking accounts essentially clearing them out. Spy Eye has popped up on the radar screen for security researchers recently in Russian cybercrime forums. Spy Eye was discovered to have a discrete "Kill Zeus" option that is able to remove the Zeus software on a compromised system and give Spy Eye unadulterated access to usernames and passwords.

Zeus already has a massive market being first on our list of top 10 botnets threats in the US and caused issues for banking institutions around the world. Spy Eye looks to overtake Zeus's turf in the ultimate war of botnets. Spy Eye currently sells for $500 on the black market which is about a fifth of the coast of Zeus. Researchers have not seen evidence of Spy Eye on many computers but that could easily change as Spy Eye gains traction as the "new botnet" choice for cybercriminals. Authorities have done what they can to crack down on cybercriminals that utilize these botnets but it continues to be an issue for online banks.

This is not the first time a malicious application was created to overturn another one for the use of the already compromised systems or command-and-control server. A prime example would be when the Srizbi botnet's servers were attacked by Storm Worm attempting to overtake Srizbi's market.

Although Spy Eye does not pose an immediate widespread threat, our fears is that Spy Eye will be twice as lethal as Zeus.