Hacked C&C Server of SpyEye Botnet Reveals Its Activity
Security researchers at Trend Micro recently managed to infiltrate a command-and-control (C&C) server that runs a botnet of PCs infected with the information-stealing Trojan SpyEye, often called the "Zeus Killer," while carrying out a Zeus-removal exercise.
The SpyEye C&C server was located in Ukraine. According to the researchers, the server was poorly secured: the bot controller operating it had left a number of configuration files and other directories openly accessible.
Separately, the researchers found that the largest number of infected PCs belonging to the botnet under investigation were in Poland. By combining a screenshot with the data samples they recovered, they also established that one of the targeted financial institutions was ING Poland.
Loucif Kharouni, advanced threats researcher at Trend Micro, said the finding was somewhat unusual, since botnet operators tend to favour Western countries such as the U.K., Spain, France, Italy, Germany and the U.S. Softpedia reported this on September 8, 2010.
The number of bots in the network is fairly small, suggesting that the botnet has only recently begun operating, although the researchers found it has already stolen 400MB of data.
Closer examination shows that the botnet has already captured a good deal of sensitive data, some of it from social-networking sites, banks and job-search intermediary services.
Another notable aspect of the botnet is that it distributes an advanced variant of the TDSS rootkit, detected as TROJ_TDSS.VAD. In all likelihood this is done on behalf of another gang, for payment. In this role SpyEye is connected with a prominent malware family that is presumably part of the pay-per-install (PPI) business.
The security researchers state that malware distributors find the PPI business model highly lucrative. It is also used to distribute other revenue-generating malware such as spam bots and fake anti-virus software.
Rik Ferguson, Senior Security Advisor at Trend Micro, says that to avoid future infections the company recommends that users install an anti-virus solution which, besides scanning for malicious files, also blocks access to malicious web pages. Chip Online reported this on September 8, 2010.
» SPAMfighter News - 15-09-2010