Different malware attacking each other for bank details

2010-02-15

Sometimes different pieces of malware can attack one another, as has been seen recently with the Spy Eye Trojan horse attempting to find and destroy copies of its main Trojan rival Zeus.

Spy Eye has a feature called Kill Zeus, which removes the Zeus software from a victim's PC. Both are trying to steal online bank information, battling one another for the data.

Richard Wang, manager of SophosLabs US, noted a similar case involving the authors of the Netsky and Bagle worm families in 2004 and 2005. In this scenario, each new version of one worm would try to disable the latest version of the other, Mr Wang explained.

In more recent times, botnet controllers have launched denial of service attacks against control and update servers for rival botnets, he noted.

Mr Wang commented: "Using one form of malware to attack another is a means of increasing market share and thereby the value of a botnet or other set of controlled computers.

"Cybercriminals already act outside the law; unfair competition practices between them are only to be expected."

He also pointed out that if Spy Eye is found to be effective at "subverting Zeus-controlled computers for its own purposes", then people should "expect to see a response from the authors of the Zeus toolkit".

Mr Wang suggested that as malware spreads and the number of remaining vulnerable computers drops, it is likely malware authors will put more effort into fighting among themselves for control over those systems.

Recent research from Websense found that 13.7 per cent of searches for trending news or buzz words led to malware in the second half of 2009.

In addition, the study revealed that in that same period there was an average growth of 225 per cent in malicious websites, when compared to the second half of 2008.

Read more security news.