New Banking Malware Combines Elements From Zeus, SpyEye
Seculert's screenshots show that the malware has two control panels -- one resembling Zeus's, and the other fashioned in SpyEye's style. Raff told PC World that the dual-panel system is intended to appeal to a broader spectrum of cybercriminals, "because many of the criminals are used to the look-and-feel of the Zeus administration panel and will find it easier to migrate to the new version." The malware also features a mechanism capable of circumventing Rapport, a security add-on from Trusteer, and allows criminals to remotely target a victim's computer using Microsoft's Remote Desktop Protocol.
Security experts have been worrying about this brand of hybrid malware ever since the Russian hacker who created Zeus reportedly decided to get out of the game. At the time, it was rumored that the code for Zeus had been transferred to the person behind SpyEye. Now, Raff says, those rumors have been validated. Fortunately, only a few criminals appear to be using the tool right now, but experts are still concerned about how it might evolve.