Owners of Zeus and SpyEye malware networks create a new combined virus

According to findings from Seculert, a new combination of two pieces of advanced online banking malware is now circulating on the Internet. The virus appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye, says Aviv Raff, CTO and cofounder of Seculert.

The security firm posted screenshots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles the one in Zeus, and the other resembles the one in SpyEye. Both control panels are connected to the same back-end command-and-control server, he said.

Raff said the reason for the dual control panels is "because many of the criminals are used to the look-and-feel of the Zeus administration panel and will find it easier to migrate to the new version."

Security vendors such as Trend Micro and McAfee have discussed speculation that the Russian mastermind behind Zeus had left the business and that the source code for Zeus was rumored to have been transferred to the creator of SpyEye. It was anticipated that the two pieces of malware would be combined. Evidence of that has only now emerged, Raff said.

Apart from the features it shares with the two infamous botnets, the new malware has some of its own. One such feature is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that is intended to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.

The malware also includes a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer through the normal Windows graphical interface rather than a command line.