Zeus is getting some competition in the pantheon of malicious software designed to steal bank account information.
Last week, a would-be developer announced he would be releasing a program dubbed Ares to one-up the widespread Zeus banking Trojan. While both programs focus on stealing financial credentials, security experts stress that they can easily be used to infiltrate corporate networks and steal data.
The developer -- who took the humble handle of "God of War," joining dozens, if not hundreds, of other hackers who have used that name -- describes the program as a small, lightweight executable that can evade antivirus and be easily placed into PDFs and other exploitable files. The announcement, posted in an online forum, did not reveal a set price for the program, but called for developers interested in writing add-ons for the project to contact the creator.
"It was designed from the ground up to be modular and scalable," the developer writes in the blog post. "Most of Ares' functionality is provided by modules which allow a great deal of Ares to be customized and updated."
Security firm GData pointed to the announcement as a sign of things to come, noting in a somewhat credulous manner that "a new Trojan called Ares is likely to spread and propagate in the next few days." While a price has not been set for the do-it-yourself bot, the complete Ares platform may sell for 6,000 WMZ, the unit of currency for the WebMoney exchange, or about $5,700, the developer states.
This is not the first time that an upstart malware programmer has decided to take on the titan of banking Trojans. Nearly a year ago, security firms came across advertisements for the SpyEye bot. That program is an attempt to dethrone Zeus, going as far as adding a feature -- "Kill Zeus" -- that removes the competing malware from systems it infects. Unfortunately, the Russian malware group behind SpyEye was apparently unable to settle on a god from the Greek pantheon, ruining the chance that the technology media could put together cheap extended metaphors using Bronze Age mythology. (It seems Hades is too obvious a play on words for the criminal underworld.)
That said, SpyEye is a real program stealing real data. Ares merely remains a mythical threat with an interesting set of features. Yet, the programmer has high hopes for the digital godling.
"I actually consider this more of a platform which is customized to each buyers liking," GoW writes. "This is what draws a line between Ares and other bots."
This article, "Coming soon: 'Clash of the Banking Trojans'," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.