The rumored combination of two pieces "ZeuS and SpyEye" of advanced online banking malware is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.
Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, he said.
ZeuS and SpyEye tailored to evade security software, grab online banking credentials and execute transactions on the fly, has been more than an annoyance. Zeus has been used by several highly organized criminal rings to transfer money out of victims' accounts.
The new malware also has at least a couple of new features. One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.
The malware writers have also added a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.
So far, Raff said it appears that only a few cybercriminals are using the new version.
[tags]banking,online banking,internet banking,web security,mobile banking,zeus,spyeye,rapport,anti-rapport[/tags]