Sunday, October 24, 2010

M&A in the Underground Economy

From Krebs on Security ...

Leading malware developers within the cyber crime community have conspired to terminate development of the infamous ZeuS banking Trojan and to merge its code base with that of the up-and-coming SpyEye Trojan, new evidence suggests. The move appears to be aimed at building a superior e-banking threat whose sale is restricted to a more exclusive and well-heeled breed of cyber crook.

Underground forums are abuzz with rumors that the ZeuS author — a Russian hacker variously known by the monikers “Slavik” and “Monstr” — is no longer planning to maintain the original commercial crimeware kit.

According to numerous hacker forums, the source code for ZeuS recently was transferred to the developer of the SpyEye Trojan, a rival malware maker who drew attention to himself by dubbing his creation the “ZeuS Killer.” The upstart banking Trojan author constantly claimed that his bot creation kit bested ZeuS in functionality and form (SpyEye made headlines this year when investigators discovered it automatically searched for and removed ZeuS from infected PCs before installing itself).

The rest of this post does an excellent job of describing the competitive dynamics in the underground marketplace. Read more here.

1 comment:

Jared Coppotelli said...

As competition in the global economy drives businesses to compete through the creation of more innovative products, competition between developers of malicious software will only lead to more advanced and potentially deleterious forms of cyber crime. As one of the most utilized forms of malware specializing in financial fraud, the Zeus Trojan horse program is completely equipped with impressive information-stealing capabilities. As discussed in other posts, millions of dollars are currently being electronically stolen from neighborhoods, schools, and, primarily, U.S. companies. It is, quite frankly, frightening to comprehend the thought that the SpyEye Trojan is advanced enough to not only perform superior information-stealing capabilities, but also automatically eradicate the Zeus Trojan, which is successfully stealing millions of dollars from innocent communities, from infected computers. The most intimidating part of these malicious software programs is the ease with which they are able to be installed on victims’ computers. As we discussed in class, the vast majority of people would not be able to identify a malicious link sent on their computer, which speaks to our aggregate susceptibility to increasingly advanced forms of malware. As I am currently observing in my final project for this class, some malware may even present itself in its exact opposite form; for example, malware may present itself to victims in the form of an antivirus with the intention of taking a virus off of the victim’s computer. As I witnessed, the offered antivirus download even came equipped with a Live Chat support system, which even had a live person available to try to sell me on downloading the malicious software. The competitive dynamics of the underground malware marketplace will only lead to more innovative forms of cyber crime, which means that it is imperative for us to devise a way to deter cyber criminals from entering this enticing marketplace in the first place.