SpyEye being kicked to the curb by its customers?

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

SpyEye being kicked to the curb by its customers?
Botnet IceIX, SpyEye, ZeuS
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 /
Editor/Conference Damballa
Link http://blog.damballa.com/?p=1494 blog.damballa.com (blog.damballa.com Archive copy)
Author Sean Bodmer


Since its first release a few years ago, SpyEye has been widely known as a highly effective competitive crimeware construction kit to the tried-and-true malware kit, ZeuS. In Q2 2011, Damballa broke the news that the SpyEye builder 1.3.45 had been cracked by world renowned French researcher, Steven K, 'Xylitol,' a founding member of the RED Crew. As of Q3 2011, Damballa Labs identified 11 new criminal operators, who began using the cracked version of SpyEye. The cracked version had the 'nick/ident' removed from the builder so the criminals could operate without any ties to the original purchaser of the malware kit from the author team. This 'nick/ident' was a stored variable for the builder to use as a component of the built-in licensing system. The authors of SpyEye implemented it into the malware kit to prevent non-paid customers from accessing the powerful malware kit.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR874,
   editor = {Damballa},
   author = {Sean Bodmer},
   title = {SpyEye being kicked to the curb by its customers?},
   date = {06},
   month = Dec,
   year = {2012},
   howpublished = {\url{http://blog.damballa.com/?p=1494 blog.damballa.com}},