
Most Computers Infected with SpyEye Are Located in Poland



Security researchers from Trend Micro have recently investigated new developments surrounding the SpyEye crimeware and have discovered that most computers infected with this threat are located in Poland.

SpyEye is a sophisticated banking trojan which appeared around a year ago and positioned itself as an alternative to the ZeuS crimeware toolkit.

With a similar set of features for a much lower price, SpyEye not only competed with ZeuS for market share, but also removed it from the computers it infected.

This made it hard for people to believe rumors a few months ago that ZeuS and SpyEye would be merged into a single, more powerful trojan.

Slavik, the ZeuS creator, apparently decided to retire from the malware writing scene and left the trojan's code base to Harderman, the developer behind SpyEye.

Since then, researchers have located new SpyEye versions that show ZeuS signs in their code, suggesting that features are already being ported from one trojan to the other.

One such version was identified recently by security researchers from Trend Micro, who claim that it features enough changes to suggest it's the result of a SpyEye - ZeuS merger.

The builder has a built-in option to evade the Rapport browser security software from Trusteer. This version is also able to inject code into Mozilla Firefox, extract credit card numbers from POST requests and validate them, steal SSL certificates and install a remote desktop backdoor on infected systems.

"Analyzing how this version has been written compared to previous versions, it seems like Gribodemon [Harderman] has received help from other criminals to polish this version, particularly with the addition of the CC grabber plug-ins and anti-rapport option," Loucif Kharouni, senior threat researcher at Trend, says.

In a Twitter update, TrendLabs announces that most SpyEye-infected computers are located in Poland, which is unusual given that most banking trojans usually target users and companies in the US and UK.

