SpyEye Variant Priced the Minimum, Available Online
According to researchers at McAfee, cyber-criminals are trading one fresh SpyEye variant called 'Pastebin paste' at the minimum price of $150 so anybody can obtain it.
The lowly-priced SpyEye is accompanied with a 3-month long non-chargeable hosting service as its new price is tenfold less compared to the variant normally sought to have the identical combinations of the malware from several websites handling freelancing projects.
There are also all the details about the SpyEye botnet in the 'Pastebin paste' package comprising its software, kinds of insertions as well as plug-ins having the support of an MSN e-mail address -firstname.lastname@example.org.
The researchers state that the latest botnet variant doesn't provide plentiful improvements over what existed earlier, something which hasn't still lowered its efficacy.
Indeed, SpyEye v 1.3.45 already had its source-code leaked out, while plentiful technical data regarding the botnet can be obtained online. Luckily, the researchers acquired one active sample (having a working control server) that SpyEye's latest variant created wherein a hard-coded version ID is included as also transmitted onto the command and control server in addition to other details. The investigators picked the variant and reverse-engineered it for finding possible distinctions.
A comparison of the twin variants revealed that they were merely different in that the newer version utilized an XOR key for decoding and unraveling the contents of the C&C system issued configuration file.
The SpyEye variant is decrypted with a Base64-decoded component along with OxDB the non complex XOR key. After gathering details regarding the contaminated PC, the bot transmits them onto its C&C server.
The McAfee researchers said that SpyEye was certainly circulating online over the just gone by years while continued to be the most sought after banker botnet. There were many takers for this widely used bot at just any price demanded. With people trading off the botnet at the incredibly low costs as also with the publicly declared source-code, the botnet's activities were expected to increase with time, the researchers analyzed.
Yet McAfee's experts didn't specify if they communicated with the SpyEye's seller; therefore, the offer can well be a fake alternatively a scam for conning novice botnet-herders.
Related article: SAP Admits the Charges of Downloading Oracle’s Data
» SPAMfighter News - 30-04-2012