The SpyEye Tracker, a new site that hopes to trace the activity of the budding SpyEye Trojan, went live this week and shows the emerging SpyEye botnet to be global in reach, but still much smaller than the Zeus botnet with which it has merged.
SpyEye Tracker has already identified 68 malicious Command and Control (C&C) servers spread across North America, Europe, Russia and Asia. Around half of those were online as of Tuesday. That’s a fraction of the 497 C&C servers, 205 online for Zeus, according to the sister site Zeustracker.
SpyEye is the work of Swiss information technology expert Roman Hüssy, creator of the Zeustracker domain, which has highlighted Zeus Trojan activity for nearly two years. Closer scrutiny of Zeus led to a spate of arrests in North America and Europe in recent months.
Reports indicate that the two botnet operations, long rivals for the business of spammers, malware distributors and other online criminal groups, have merged in recent months, with the author of the Zeus botnet turning over the code for his creation to the SpyEye Trojan author.
While Zeus has already emerged as a formidable threat, Hüssy started SpyEye Tracker in an effort to spread the word about the up-and-coming Trojan before it follows suit, according to a report from Brian Krebs at Krebsonsecurity.com.
“My goal is to put SpyEye into the spotlight before it becomes a ‘big’ threat like ZeuS was in the past.”