Microsoft has included remediation for the SpyEye banking Trojan in its Malicious Software Removal Tool.
The SpyEye form grabber, which goes after authentication details, tries to hide on systems to make detection more difficult, Microsoft said in a blog post on Wednesday.
"The malware file contains obfuscated code, while the payload is injected into running processes," said the post. "It also employs user-mode rootkit protection in an effort to prevent itself from being seen via Windows Explorer or the Command Prompt."
The SpyEye information-stealing malware has far outstripped Zeus in terms of sales of malware kits since October 2010, RSA chief security strategist Jason Rader said in a presentation at the RSA Conference in London on Thursday.
The hacker who developed Zeus, 'Slavik', handed over the source code to SpyEye developer 'Harderman' in October 2010, said Rader. This led to a huge fall in Zeus sales, and a corresponding uptick in SpyEye sales, as Zeus was no longer supported.
Security company Kaspersky described SpyEye as 'ubiquitous' in a blog post on Thursday.
The Zeus code handover was first revealed by security blogger Brian Krebs in October 2010.