17 Feb 2011, #1
SpyEye, the infostealing trojan leader
Everyone is talking about the SpyEye Trojan, the info stealer malware that gained all the attention after the author of ZeuS left the underground market and sold ZeuS sources to the SpyEye team. We already wrote about SpyEye last year, when we focused on the threat claiming that it could potentially become one of the top password stealing threats. Now that the SpyEye authors have access to all of the ZeuS source code, SpyEye is becoming the main kit available for sale in the underground with even more efficient coding with some additional ZeuS-based technologies.
Let's have a closer look at the new variants of SpyEye.
The SpyEye dropper comes in a UPX-packed executable. After unpacking the first layer, we are lucky as we could already get to the SpyEye code. Actually, we have some samples which make use of highly obfuscated decryption code, used for a second-stage decryption loop. This second-stage decryption loop makes use of its own routine able to get function addresses by parsing library export tables. The function is using name hashes instead of plain-text names. The hash is calculated by an ADD/ROL loop.
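The post gives only the shape of the name hash (an ADD/ROL loop over export names), not its rotation count or operation order. The following analyst-side lookup is an added example, not code from the article or from any SpyEye sample: it tries every rotation and both orders to map hash constants back to export names, and its function names, export list and constants are constructed for illustration.

```python
MASK32 = 0xFFFFFFFF

def rol32(value, count):
    """Rotate a 32-bit value left by count bits."""
    count %= 32
    return ((value << count) | (value >> (32 - count))) & MASK32

def add_rol_hash(name, rot, rotate_first=True):
    """Hash an export name with an ADD/ROL loop.

    rot and rotate_first are assumptions: the article does not state them.
    """
    h = 0
    for byte in name.encode("ascii"):
        if rotate_first:
            h = (rol32(h, rot) + byte) & MASK32
        else:
            h = rol32((h + byte) & MASK32, rot)
    return h

def build_table(export_names, rot, rotate_first=True):
    """Map hash -> list of names (a list, so collisions stay visible)."""
    table = {}
    for name in export_names:
        table.setdefault(add_rol_hash(name, rot, rotate_first), []).append(name)
    return table

def resolve_constants(constants, export_names):
    """Return every (rot, rotate_first, mapping) that resolves all constants."""
    hits = []
    for rot in range(1, 32):
        for rotate_first in (True, False):
            table = build_table(export_names, rot, rotate_first)
            if all(c in table for c in constants):
                hits.append((rot, rotate_first, {c: table[c] for c in constants}))
    return hits

# Constructed inputs: a few kernel32 export names and two hash constants
# generated here with rot=7; neither comes from a real sample.
EXPORT_NAMES = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "CreateFileA", "WriteFile"]
SAMPLE_CONSTANTS = [add_rol_hash(n, 7) for n in ("LoadLibraryA", "VirtualAlloc")]

if __name__ == "__main__":
    for rot, first, mapping in resolve_constants(SAMPLE_CONSTANTS, EXPORT_NAMES):
        order = "ROL then ADD" if first else "ADD then ROL"
        for const, names in mapping.items():
            print(f"rot={rot} ({order}): {const:#010x} -> {', '.join(names)}")
```

In practice the name list would be the full export tables of the DLLs the sample walks, and a variant that resolves every observed constant is strong evidence for the loop's actual parameters.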