spyeye


This post is the second in a three part series. Click here for Part 1 and here for Part 3. Many Android talks on the 2nd day of VB2013! Actually, the importance of mobile threats is something everybody has observed here, and Helen Martin even started the conference by mentioning the fact. What a difference compared to conferences 2 or 3 years ago! Rowland Yu - GinMaster: a case study in Android malware. In America or Europe, people often tend to think that malware is only "important" if found in Google Play. Rowland however stated an important... [Read More]
by Axelle Apvrille  |  Oct 11, 2013  |  Filed in: Security Research
Razvan Benchea and Dragos Gavrilut in the middle of their presentation. I am very happy to have been at VB 2013 once again. The talks were quite interesting. If you were not able to attend, here's the write-up of some presentations I went to. This post is the first in a three part series. Click here for Part 2 and here for Part 3. Andrew Lee - Ethics and the AV industry in the age of WikiLeaks (Keynote). Andrew showed that surveillance programs are not new (the FISA Act dates back to 1978) and that they exist in numerous countries (not only the... [Read More]
by Axelle Apvrille  |  Oct 10, 2013  |  Filed in: Security Research
Following the disappointment at the failure of the end of the world, we decided to do a little recap on Project Blitzkrieg, which has been widely talked about in the security community over the past couple of months following a report by RSA. It might be on a smaller scale than the former, but it certainly has a bigger chance of coming true. The operation was named and announced by a Russian hacker called vorVzakone (seen bragging about a car and his house in this video) in a post (translated version, courtesy of Krebs on Security) on a Russian semi-private... [Read More]
by Ruchna Nigam  |  Dec 21, 2012  |  Filed in: Security Research
date: 2013-10-14 06:00:00 -0700 category: "Security Research"
Final panel on collateral damage in cyber-warfare. This post is the third in a three part series. Click here for Part 1 and here for Part 2. Fabio Assolini, Andrey Makhnutin - PAC - the Problem Auto Config (or stealing bank accounts with a 1KB file). Proxy Auto Config files are such a big problem in Brazil that Fabio renamed them "Problem Auto Config". They are very small pieces of malware which consist of just modifying the proxy configuration files browsers are meant to use. With Internet Explorer, the proxy... [Read More]
by Axelle Apvrille  |  Jul 30, 2012  |  Filed in: Security Research
Yes, you have probably heard the news: a new variant of Spitmo - Zitmo/ZeuS's counterpart for SpyEye, which previously targeted Symbian phones only - has recently been spotted on Android. The scenario is the same as before: a victim, browsing on a PC infected with SpyEye, logs in to her bank's website. SpyEye injects forms and elements directly into the webpages she is viewing, so as to lure her into installing a fake security application on her phone, thinking it's required by the bank. That application actually intercepts SMS messages - especially... [Read More]
by Axelle Apvrille  |  Sep 16, 2011  |  Filed in: Security Research
In the past month changes in the SpyEye botnet kit have more or less stopped, after a very busy year in which many new versions were released. I was recently looking at all of the information I have from testing and analysis of these versions, when it occurred to me that this lull in activity would be a good time to put some organized results together. Then when SpyEye returns, in some mutant, Zbot-like form, we will have something like a guide to its workings, which should be useful. A good place to start this process is with the SpyEye botnet... [Read More]
by Doug Macdonald  |  Feb 15, 2011  |  Filed in: Security Research
In our previous blog post SpyEye Exposes Mules, we discussed SpyEye's mule-related policies/strategies, based on the fraudulent fund transfer logs and the drop data on the log server. In this post, we will have a look at the gears under the bonnet. The system in charge of initiating the money transfers from victims' accounts to mules' accounts is an essential component of the SpyEye Trojan. It is called by its author "ATS", for "Auto Transfer System", and essentially consists of JavaScript code. In the bot version we dissected (1.2.92,... [Read More]
by Kyle Yang  |  Nov 18, 2010  |  Filed in: Security Research
In anticipation of the expected merge between the two infamous banking malware families ZeuS and SpyEye, our Threat Analyst Kyle Yang spent some time dissecting the most current version of SpyEye we could get our hands on (W32/SpyEye.C!tr.spy). While SpyEye shares some similarities with ZeuS (encrypted/compressed configuration file, updateable injection scripts, drop zones, update zones for binary and config updates, etc.), an extra feature quickly caught our attention: SpyEye connects to a "log server" that is different from the server where it fetches... [Read More]
by Guillaume Lovet  |  Nov 10, 2010  |  Filed in: Security Research