{
	"id": "759f53d9-221c-4a89-aad3-1ef618854beb",
	"created_at": "2026-04-06T00:19:40.718168Z",
	"updated_at": "2026-04-10T03:21:35.711437Z",
	"deleted_at": null,
	"sha1_hash": "71e3f828965b2d7745f303dee5603e558cf70c6c",
	"title": "SpyEye vs. ZeuS Rivalry",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59061,
	"plain_text": "SpyEye vs. ZeuS Rivalry\r\nPublished: 2010-04-01 · Archived: 2026-04-05 15:14:49 UTC\r\nIt’s common for malware writers to taunt one another with petty insults nested within their respective creations.\r\nCompeting crime groups also often seek to wrest infected machines from one another. A very public turf war\r\nbetween those responsible for maintaining the Netsky and Bagle worms back in 2005, for example, caused a\r\nsubstantial increase in the volume of threats generated by both gangs.\r\nThe latest rivalry appears to be budding between the authors of the Zeus Trojan — a crime kit used by a large\r\nnumber of cyber thieves — and “SpyEye,” a relatively new kit on the block that is taking every opportunity to jeer\r\nat, undercut and otherwise siphon market share from the mighty Zeus.\r\nSymantec alluded to this in a February blog post that highlighted a key selling point of the SpyEye crimeware\r\nkit:  If the malware created with SpyEye lands on a computer that is already infected with Zeus, it will hijack\r\nand/or remove the Zeus infection.\r\nNow, just a few months later, the SpyEye author is releasing\r\na new update (v. 1.1) that he claims includes the ability to inject content into Firefox and Internet Explorer\r\nbrowsers, just as Zeus does (this screen shot shows the result of a demo configuration file on the left, which\r\ninstructs the malware to inject SpyEye and “Zeuskiller”  banner ads into a live Bank of America Web site). It is\r\nprecisely this injection ability that allows thieves using Zeus to defeat the security tokens that many banks require\r\ncommercial customers to use for online banking.\r\nThe new version comes as the Zeus author is pushing out his own updates (v. 1.4), along with a hefty price tag\r\nhike. The old Zeus kit started at around $4,000, while the base price of the newer version is double that. 
According\r\nto research from Atlanta-based security firm SecureWorks, Zeus plug-ins that offer additional functionality raise\r\nthe price even more. For example:\r\n-Windows7/Vista compatibility module – $2,000\r\n-Backconnect module (lets criminals connect back to victim and make bank transactions through that PC) – $1,500\r\n-Firefox form grabbing (copies out any data entered into a form field, such as a user name and password) – $2,000\r\n-Jabber notification (a form of instant message) – $500\r\n-FTP clients saved credentials grabbing module – $2,000\r\n-VNC module – $10,000 (like GoToMyPC for the bad guys, reportedly no longer being sold/supported)\r\nThe SpyEye author declined to be interviewed for this story. But it’s clear from his Flash banner ads reproduced\r\nhere that he plans to keep up the public relations campaign against Zeus, with a focus on the relatively low price:\r\nSpyEye costs just $500 (although the new Firefox injection tool runs an extra $1,000).\r\nSecureWorks has noted that the latest versions of Zeus include anti-piracy technology that uses a hardware-based\r\nlicensing system that can only be run on one computer. “Once you run it, you get a code from the specific\r\ncomputer, and then the author gives you a key just for that computer,” SecureWorks wrote. “This is the first time\r\nwe have seen this level of control for malware.”\r\nNot to be outdone, the SpyEye author now claims his malware builder also includes a hardware lock, using\r\nVMProtect, a Russian commercial software protection package.\r\nSource: https://krebsonsecurity.com/2010/04/spyeye-vs-zeus-rivalry/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://krebsonsecurity.com/2010/04/spyeye-vs-zeus-rivalry/"
	],
	"report_names": [
		"spyeye-vs-zeus-rivalry"
	],
	"threat_actors": [],
	"ts_created_at": 1775434780,
	"ts_updated_at": 1775791295,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/71e3f828965b2d7745f303dee5603e558cf70c6c.pdf",
		"text": "https://archive.orkl.eu/71e3f828965b2d7745f303dee5603e558cf70c6c.txt",
		"img": "https://archive.orkl.eu/71e3f828965b2d7745f303dee5603e558cf70c6c.jpg"
	}
}