Security researchers ID new bank account-targeting malware

If you’re not already, it’s time to be extra-vigilant about the emails you open, the friend requests you accept, and the overall security of your home and business computer systems.

Seculert Research Labs has announced that they’ve uncovered a new variation of “Hydra” malware which takes some of the source code from the destructive ZeuS strain, as well as some from the recent, and equally destructive, SpyEye Trojan. The two combined have formed a new threat that is difficult to detect and, like the ZeuS Trojan, preys on unsuspecting computer users’ bank accounts.

Speculation that a SpyEye/ZeuS hybrid was in development dates to October, when a high-profile rivalry between the hackers who developed and supported the illicit software was observed to have died down. Posts on several hacker forums at the time indicated that the Russian developer of ZeuS had decided to leave the business and transfer his code to the author of SpyEye.

Shortly thereafter, the SpyEye developer, who goes by the names “Harderman” and “Gribodemon” on various hacker forums, granted an interview with security researchers about combining the two strains and selling licenses of the new variant to cyber-criminals.

“Each time you have a group or piece of malware that starts to get near the level of heat or public attention that ZeuS has gotten over the past year, it’s inevitable that the bad guys are going to transition to something that’s not on everyone’s radar,” said Steve Santorelli, the director of Team Cymru, an organization that monitors underground economic activities.

Now, Seculert Research Labs claims to have identified this new SpyEye/ZeuS hybrid in the wild, and has released screenshots of the administration panel for the kit.

During 2010, the ZeuS Trojan was blamed for the theft of millions of dollars from bank accounts, using account information stolen from the users it infected. SpyEye works in a similar way, and detections of it have recently been increasing.

As always, only accept online messages and contact requests from people you know and trust. Even if a message arrives from someone you know, if its subject or content seems out of character, don’t take the risk of infecting your system with this type of threat.
