SpyEye being kicked to the curb by its customers?
(Publication)
SpyEye being kicked to the curb by its customers? | |
---|---|
Botnet | IceIX, SpyEye, ZeuS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / |
Editor/Conference | Damballa |
Link | http://blog.damballa.com/?p=1494 (blog.damballa.com, archive copy) |
Author | Sean Bodmer |
Type |
Abstract
“Since its first release a few years ago, SpyEye has been widely known as a highly effective competitive crimeware construction kit to the tried-and-true malware kit, ZeuS. In Q2 2011, Damballa broke the news that the SpyEye builder 1.3.45 had been cracked by world-renowned French researcher, Steven K, 'Xylitol,' a founding member of the RED Crew. As of Q3 2011, Damballa Labs identified 11 new criminal operators, who began using the cracked version of SpyEye. The cracked version had the 'nick/ident' removed from the builder so the criminals could operate without any ties to the original purchaser of the malware kit from the author team. This 'nick/ident' was a stored variable for the builder to use as a component of the built-in licensing system. The authors of SpyEye implemented it into the malware kit to prevent non-paid customers from accessing the powerful malware kit.”
Bibtex
@misc{2012BFR874,
  editor = {Damballa},
  author = {Sean Bodmer},
  title = {SpyEye being kicked to the curb by its customers?},
  date = {01},
  month = May,
  year = {2012},
  howpublished = {\url{http://blog.damballa.com/?p=1494}},
}