SpyEye Trojan Source Code Now in the Wild

Wednesday, August 17, 2011



A security researcher is warning of the potential increase in the prevalence of data-stealing malware exploits after the discovery that the source code for the SpyEye Trojan has been released into the wild.

"Now that SpyEye has been outed, it is only a matter of time before this becomes a much larger malware threat than any we have seen to date. So for the next few months, please hold onto your seats people… this ride is about to get very interesting," wrote security vendor Damballa's Sean Bodmer.

The SpyEye code, which was previously available to malicious attackers only on the black market for a hefty price in the vicinity of $10,000, was leaked by a French researcher who goes by the handle Xyliton and is a member of the Reverse Engineers Dream (RED) outfit.

"One of the most dangerous Swiss Army knives in malware is now available to billions... What this means is that anybody can use it," blogged Bodmer.

SpyEye is known to be one of the more powerful data-sniffing trojans ever developed, and the release of the source code makes a dramatic increase in its use a very real scenario.

"SpyEye has been on everyone’s priority list of threat discussions for quite some time, and is now going to become an even more pervasive threat. The same thing happened when the Zeus kit source code was released in March 2011," Bodmer stated.

Security researchers last spring noted the release of source code for the infamous Zeus Trojan when files containing the code began to appear in underground discussion forums most often used by criminal hackers.

The Zeus Trojan is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and numerous variants of the malicious code continue to propagate.

The Zeus Trojan can lie dormant for long periods until the user of the infected machine accesses accounts such as those used for online banking. Zeus harvests passwords and authentication codes and then sends them to the attackers remotely.

In an article on the McAfee Labs blog last fall, Senior Threat Researcher Francois Paget warned of the pending merger of the Zeus and SpyEye tools, and the first toolkit combining the exploits arrived on the black market early this year.

"Both Zeus and SpyEye were prevalent and dangerous malware separately; the combination of their functionality takes this threat to a new level," Paget wrote.

Source: http://www.darkreading.com/security/attacks-breaches/231500009/
