Following ZeuS, SpyEye Source Code is Leaked to the Public
The SpyEye malware kit has long been both the bane of unsuspecting victims and a boon for cyber-criminals. Now, according to security firm Damballa, the situation may have taken a turn for the worse.
According to Damballa, SpyEye Builder patch source code for release 1.3.45 was leaked by the Reverse Engineers Dream Crew (RED Crew) last week after a crew member was able to locate a copy of SpyEye Builder 1.3.45 and create a tutorial that enables a reader with SpyEye Builder to crack the hardware identification.
“It is beneficial to researchers for this exact version 1.3.45, but this will only make newer versions harder to crack with enhanced security mechanisms,” Bodmer, a senior threat intelligence analyst at Damballa, told SecurityWeek. “To top it off, the SpyEye author team has already released 1.3.48 and has newer versions in-development.”
The leak also means the tool is widely available to script kiddies, and is now being sold online for as little as $95 “for those not seasoned enough” to compile the code, he added. In a blog post, Bodmer noted the leak throws a monkey-wrench into the operations of the Gribo-Demon crew behind SpyEye. It is now much cheaper, he blogged, for aspiring criminals to find a leaked version of the builder and use the RED Crew tutorial to break its embedded security and launch their own version of SpyEye.
The fact that SpyEye has plagued victims around the world is not in doubt. In April, police in the U.K. arrested a handful of people in connection with a bank fraud operation that used SpyEye to steal money and banking information. Three months later, security vendor Trusteer analyzed SpyEye command and control centers and reported that 60 percent of SpyEye bots target financial institutions in the US. Additionally, 53 percent were observed targeting banks in the U.K., while 31 percent painted a bull’s-eye on banks in Canada.
Related Resource: Summer 2011 Device Developers’ Security Report
Related Reading: Advanced Fraud Threats in Mobile Environments
Related: Zeus Source Code Leaked: Is This Really a Game Changer?