According to what has been mentioned in underground forums, the author of Zeus (known as "Slavik" and "Monstr") would stop marketing the Trojan, and would have given the source code of it to the author of SpyEye, another similar crimeware, also specialized in the theft of banking information. In the following image you can see how the author of SpyEye (known as "Harderman" and "Gribodemon") announces in a forum the news, and later a Translation into Spanish of what was said:
The curious thing about this fact is that SpyEye was characterized by being "opposition" to Zeus, taking into account that its variants verified if it was installed on the computer and uninstalled it if necessary, which shows that attackers can surprise us day by day, and that beyond their "rivalries" their intention is economic and malicious.Nice day
I will be in charge of the Zeus product from today onwards. I have been given their code for free so that customers who have already purchased it do not run out of technical support. Slavik will no longer take over the product, has deleted the source code from your computer, no longer sells it, and has no more relation to it. You will also not do more business online and in a few days your contact information will not be more active.
He asked me to inform you that it has been a pleasure to work with you. If you have any unresolved issues with him, get in touch as soon as possible.
All customers who purchased the software from Slavik will be taken care of by me under the same conditions as they had been doing, and can come directly to me for any problem.
Thank you all for your attention.
What is the impact of this news? In the first place, a positive aspect could appear: in one way or another, Zeus is disappearing, since although its support will continue, it will not continue to be commercialized nor will there be new developments. It is worth noting that, although it will no longer be commercialized, all versions of Zeus already acquired are still in operation, so this does not represent the total disappearance of this threat. Considering that it has been one of the most used botnets in the last year, a priori this seems like good news, since its growing structure impacted on high rates of spread and infection.
However, according to Krebs' research, SypEye's own author announced on other forums that the two threat families will be "merged into one powerful" shortly, so it is to be expected that in the coming months a major threat will appear in terms of botnets. This is not such encouraging news: while SpyEye is a young threat (its first version is from January 2, 2010) that has been characterized by being very efficient, although not yet so widespread, Zeus has been the most important bot of recent months; and the combination of both could be very important.
Sebastian Bortnik
Awareness & Research Coordinator
Source: ESET Latin America
