SpyEye Distribution Campaign Circulating all Over the Web
Security researchers at the security firm "MX Lab" have recently warned of a SpyEye distribution campaign spread through spam e-mails, which is presently circulating on the web.
MX Lab says that the rogue e-mails come with the subject "Post Express Service" and the message "Package is available for pickup! NR1535", and are sent from a fake address. The message body is consistent with the conventional package delivery failure alerts that malware distributors have used before.
The message states that the package has been returned to the Post Express office because of a wrong delivery address, and that the delivery details are attached to the letter. The e-mail then asks recipients to print the mailing label and visit the Post Express office to collect the package.
The mails are signed "Post Express Service", but the only service with that name is found in Serbia.
The attached ZIP file is named Post_Express_Label_85211.zip and contains the 29 kB file Post_Express_Label_85211.exe, experts at MX Lab highlight.
The Trojan is detected as BC.Heuristic.Trojan.SusPacked.BF-6.A (ClamAV), VirTool:Win32/Injector.gen!BB (Microsoft), TROJ_SPYEYE.SMEP (TrendMicro) or Trj/CI.A (Panda), security experts at MX Lab note.
The download carries a harmful backdoor Trojan, "Backdoor.Agent.AJU", that can run and open TCP ports to connect to public SMTP (Simple Mail Transfer Protocol) servers.
MX Lab security experts report that only 6 of 42 antivirus engines on VirusTotal detected the Trojan.
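The lure described above pairs a delivery-failure subject with a ZIP that hides an executable. As an added example, not code from MX Lab or the original report, the following mail-gateway check flags ZIP attachments whose members are Windows executables (by extension or by the "MZ" magic, so a renamed .exe is still caught) and quarantines messages that combine the lure subject with such a payload. The sample archive and its contents are constructed here; the member name mirrors the reported attachment and the bytes are filler, not the real malware.

```python
import io
import zipfile

# Extensions Windows will run directly from a double-click.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll")
# Subject phrase used by the campaign's lure (taken from the report).
LURE_PHRASE = "package is available for pickup"


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: content}; used only to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Names of ZIP members that look like Windows executables.

    A member is flagged if its extension is executable or if its first two
    bytes are the DOS/PE 'MZ' magic, so an .exe renamed to .pdf is still caught.
    A corrupt archive is reported as a single '<bad zip>' finding."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<bad zip>"]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS) or magic == b"MZ":
                findings.append(info.filename)
    return findings


def should_quarantine(subject: str, zip_bytes: bytes) -> bool:
    """Quarantine when the lure subject is paired with an executable payload."""
    return LURE_PHRASE in subject.lower() and bool(suspicious_members(zip_bytes))


if __name__ == "__main__":
    # Constructed sample mimicking the reported attachment: 'MZ' magic plus filler.
    sample = build_zip({"Post_Express_Label_85211.exe": b"MZ" + b"\x00" * 64})
    print(suspicious_members(sample))
    print(should_quarantine("Package is available for pickup! NR1535", sample))
```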
Security experts at the security lab stated that SpyEye is a sophisticated banking Trojan, which first appeared about one year ago as a challenger to the notorious Zeus Trojan. Trojans such as SpyEye and Zeus steal online banking data, which is then used to rob bank accounts by transferring funds to so-called money mules.
Prominent malware developers within the cybercrime community worked together to end development of the notorious Zeus banking Trojan and merge its code base with that of the upcoming SpyEye Trojan, as reported by KrebsOnSecurity in October 2010. This step appears aimed at building a major e-banking threat whose sale is limited to a more exclusive and polished group of hackers.
Lastly, the above-mentioned attacks indicate that SpyEye is becoming a growing problem for both security firms and users.
SPAMfighter News - 09-02-2011