Clash of the Titans: ZeuS v SpyEye

In this paper, we discuss details of two recent bots - ZeuS and SpyEye, and study their interaction. We describe how to reverse engineer the two binaries and compare the obfuscation and anti-debugging techniques used by them. Since there is already much literature describing their individual malicious capabilities, this paper does not focus on those aspects. Instead, the focus is primarily on the inter-process communication between the two bots - which is a relatively rare phenomenon in the world of malware.