While trying desperately to catch up with some email before flying out for the upcoming AMTSO workshop, I came upon a reference (tip of the hat to Rob Slade) to an article by Loren Grush about a "Supertrojan computer virus".
Despite my inevitable supersighs at terminology that confuses "Trojan" and "virus", this turns out not to be an "end of computing as we know it" hypefest (or a TEOTWAWKI, as Graham Cluley is apt to refer to overblown security stories). A pity, really, as I would have loved to get the chance to describe a Fox as a Chicken Little.
In fact, the story turns out to refer to the SpyEye/Zeus hybrid that's been anticipated for many moons, and in particular to a recent story by Brian Krebs on the "merger." (See also SpyEye vs. ZeuS Rivalry for a more rounded view on whether the merger is quite as straightforward as the Fox article suggests.)
By the way, http://krebsonsecurity.com is always worth monitoring if you're interested in security news ahead of the curve, though on this occasion I nearly missed it. (Another tip of the hat, this time to Paul Ferguson.)
Zeus-associated malware (and that includes SpyEye and "SpyZeuS") isn't supernaturally difficult to detect. It is, however, pretty adaptive and has introduced, from time to time, some innovative counter-detection techniques. Current developments certainly don't suggest that that is likely to change, even if the name does. In fact, a more recent story by Brian Krebs indicates a likelihood of more Zeus-associated malcode to come.
But the sky is not falling.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow