Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: SpyEye, the infostealing trojan leader

17 Feb 2011   #1

Win 7 Ultimate 64-bit. SP1.
SpyEye, the infostealing trojan leader


Everyone is talking about the SpyEye Trojan, the info stealer malware that gained all the attention after the author of ZeuS left the underground market and sold ZeuS sources to the SpyEye team. We already wrote about SpyEye last year, when we focused on the threat claiming that it could potentially become one of the top password stealing threats. Now that the SpyEye authors have access to all of ZeuS source code, SpyEye is becoming the main kit available for sale in the underground with even more efficient coding with some additional ZeuS based technologies.

Let's have a closer look at the new variants of SpyEye.

The SpyEye dropper comes in a UPX packed executable. After unpacking the first layer, we are lucky as we could already get to the SpyEye code. Actually, we have some samples which make use of highly-obfuscated decryption code, used for a second stage decryption loop. This second stage decryption loop make uses of its own routine able to get function addresses by parsing library export tables. The function is using name hashes instead of plain-text names. The hash is calculated by an ADD/ROL loop.
SpyEye, the infostealing trojan leader

My System SpecsSystem Spec


 SpyEye, the infostealing trojan leader

Thread Tools

Similar help and support threads for2: SpyEye, the infostealing trojan leader
Thread Forum
Official Seven Forums Overclock Leader boards PC Custom Builds and Overclocking
India is world leader in spam output Security News
SpyEye Trojan Code Leak Likely to Promote Rapid Proliferation Security News
Keeping an Eye on the SpyEye Trojan Security News
Apple the new world leader in software insecurity Chillout Room

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:59 PM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33