Feeds

Tracking website eyeballs SpyEye

Security researcher plays Trojan peekaboo

Using blade systems to cut costs and sharpen efficiencies

A website designed to track the control system of the SpyEye crimeware Trojan has been established.

The site, spyeyetracker.abuse.ch*, was set up by Swiss security researcher Roman Hüssy, and modelled on his successful Zeustracker website. The latter site, which was established in early 2009, has helped security researchers to track the activities of the infamous botnet, which is linked to numerous instances of banking fraud.

Chatter on Russian cybercrime forums has suggested the developer of ZeuS has handed over development of the customisable crimeware toolkit to the miscreant behind SpyEye. For now, at least, malicious activities associated with ZeuS far outnumber those associated with SpyEye.

Zeustracker reports 497 ZeuS C&C servers, with 204 of these command nodes active on Tuesday morning. Its sister site pinpoints 61 SpyEye command and controls servers, 29 of which are active.

Both ZeuS and SpyEye are toolkits that allow the creation of customised Trojans. Each is sold through carding and other black-market forums for hundreds of dollars per licence.

Anti-malware detection of Trojans created by both tools is far from satisfactory, with 40.9 per cent detection for SpyEye and 36.9 per cent for ZeuS, according to the respective tracker sites run by Hüssy.

Other strains of financial malware and crimeware toolkits doing the rounds include Bugat, Clampi and Gozi. Bugat was distributed via a high-profile phishing campaign targeting LinkedIn users last month, an attack that captured the attention of security researchers and makes the malware a potentially good candidate for closer tracking in future. ®

*Both The SpyEye and Zeustracker websites link to live cybercrime domains. Casual surfers are strongly advised not to follow links from either site.

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.