Since 2010, SpyEye has appeared against Zeus botnet and has been upgraded so far.
SpyEye was activating from 2010 after that Harderman get the source codes from Slavic, Zeus developer. Integrating process between SpyEye and Zeus' source codes are on progress. Furthermore, SpyEye has special function "Kill Zeus" to kill Zeus as it is. Can user be safe with using SpyEye toolkit from Zeus botnet? Let's find functions on SpyEye.
2. Interface of SpyEye
SpyEye botnet toolkit's interface is as following.
The most attractive function is "Kill Zeus". With this function, it can kill Zeus, however, the actual functions are revealed as same as Zeus'. Of course, the latest version 2.0 on Zeus supports against "Kill Zeus", and it supports "Encryption key" for encrypting on generating botnet and "UPX" to compress.
After setting the preference, generated malicious file has the same function as Zeus', it can be spread via tampered web site and attachment of e-mail. Generated botnet by SpyEye toolkit can remove Zeus botnet and intercept data transferring Zeus C&C server.
* It can require serial number on running.
* Releasing upgrade version is still on progress.
<Releases various versions>
3. How to prevent
These toolkits are still generating botnet, and consecutive version upgrade is still on progress.
To use PC safely from security threats of these malicious attachments, we recommend following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function with nProtect Anti-Virus/Spyware for detecting such as malicious file stated above and runs responding system against various security threats.