SpyEye Malware Revamps Posing Threat
According to security engineers at EMC's RSA Security Division, the recently released banking malware SpyEye is plaguing users throughout the world. It is proving more dangerous this time, as it has become quite difficult to detect and to remove completely from compromised Windows PCs.
SpyEye comes as a kit that online criminals acquire. It is quite simple to use, though operating it successfully requires a lot of technical knowledge.
Uri Rivner, Head of New Technologies for consumer identity protection, and Jason Rader, Chief Security Strategist, put on white lab coats for the RSA Security Conference in London to review the technical details of SpyEye.
Rivner claimed that although SpyEye has been making the rounds for more than a year, it is considered the successor to the banking malware Zeus. SpyEye cropped up only after the Zeus writer stopped its development, though the project was taken up by Harderman.
A would-be cybercriminal who purchases the malware kit can use its graphical interface to set up a drop zone, a server created to receive stolen confidential banking information. SpyEye also includes customized configuration files for targeting most online banking websites.
Those fields appear to be a seamless part of the legitimate website, though they are actually fraudulent and send the data entered into them to the server in the cybercriminals' drop zone.
SpyEye also applies numerous techniques to conceal itself, according to Rader. The malware can inject itself into DLLs (dynamic link libraries), the code libraries used by legitimate applications. Rader also said that SpyEye is able to delete its own installation.
Needless to say, people often do not notice that they have been targeted by SpyEye. One way a user is trapped is by visiting an affected website. The US Treasury website was modified in a similar way last year to deliver the Zeus Trojan.
SpyEye uses many tricks to conceal itself. It can enter legitimate DLLs and can also delete its own installation files, which makes it extremely volatile and very hard to notice and deal with.
» SPAMfighter News - 25-10-2011