MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

27.1.10

SpyEye. New bot on the market

SpyEye, a bot first released on January 2 of this year, is a "fresh" piece of malware with interesting features. It is being developed considerably fast and is at version 1.0.65 at the moment.

It is written almost entirely in C++, and the binary file is approximately 60kb in size.
It works on Windows 2000 through Windows 7 and runs in ring3 (something that possibly makes it detectable by tools like GMER).

Something really interesting here is that, at the date of first release, the detection rate was basically zero. The price of this bot (base bundle) is USD 500, and some of its features at the moment are:
  • Formgrabbing (an advanced keylogging method of capturing web form data) supporting Firefox, IE, Maxthon and Netscape.
  • CC Autofill (a module that, basically, automates the process of credit card fraud and gives money to the owner)
  • PHP-MYSQL Administration Panel
  • Daily backup of the database via e-mail
  • Exe String-Sources encryption
  • FTP Grabbing (Total Commander, Notepad++, FileZilla, and others)
  • POP3 Grabbing
  • Invisible in processes list, hidden file, invisible in autorun (registry)
According to the author, the product is very stable and has a permanence rate of 30%.
As we can see, this industry is in a constant process of growth and sophistication, which is, after all, very alarming.

Mariano Miguel
Malware Researcher in Malware Intelligence

2 comments:

Anonymous said...

Get your version :)
http://www.w32whistler.com/

Anonymous said...

Hey, anonymous.
I'd like to ask you some questions, before "getting mine".
ca.fanboy@gmail.com

Thanks
