- Jan 24, 2011
- 9,378
It's been known for some time now that the creator/maintainer of the Zeus malware had turned over responsibility for his code to the author of the SpyEye Trojan and it was assumed that the two code bases had merged, rendering Zeus extinct. However, some new samples of the Zeus bot have surfaced that include new features, indicating that development of the tool is still underway.
A couple of new samples of the Zeus malware have cropped up recently that sport new capabilities that were not available to users of older versions of the attack tool. Zeus customers have typically used some version of a Zeus builder kit to compile and run their copy of the tool, and each of those builder kits has a unique signature that enables to researchers to identify versions of Zeus that came from it.
After the Zeus and SpyEye code bases were joined later last year--which researchers confirmed through the appearance of versions of each tool that showed up with identical sections of code--it was thought that Zeus as a standalone attack tool had breathed its last. However, that appears not to be the case. Researchers have found new versions that include double decryption routines not seen before, as well as an extra anti-analysis check.
More details - link
A couple of new samples of the Zeus malware have cropped up recently that sport new capabilities that were not available to users of older versions of the attack tool. Zeus customers have typically used some version of a Zeus builder kit to compile and run their copy of the tool, and each of those builder kits has a unique signature that enables to researchers to identify versions of Zeus that came from it.
After the Zeus and SpyEye code bases were joined later last year--which researchers confirmed through the appearance of versions of each tool that showed up with identical sections of code--it was thought that Zeus as a standalone attack tool had breathed its last. However, that appears not to be the case. Researchers have found new versions that include double decryption routines not seen before, as well as an extra anti-analysis check.
More details - link
