Fox-IT Reveals that Author of SpyEye Developed Tilon Trojan
Dutch security firm Fox-IT has revealed that SpyEye author Aleksandr Panin (aka Gribodemon), who was arrested recently, is probably also responsible for the 'Tilon' banking Trojan, a "side project" built from the same source code as his better-known creation, SpyEye.
According to Fox-IT researchers, Tilon, which is now largely dormant, first appeared in October 2011, perhaps as a lower-profile way of earning money from the financial-malware market. Unlike a purchase of the more famous SpyEye, Tilon also came without customer support services.
Security vendor Trusteer first documented Tilon in August 2012 and judged it to be based on the Silon banking Trojan of 2009, but Fox-IT believes Tilon borrowed only Silon's loader; its core was derived from SpyEye, which is why Fox-IT calls it "SpyEye2".
Fox-IT said the code was reused rather than reverse-engineered, which indicates that Tilon's authors had access to the SpyEye source code. Ironically, Fox-IT says, work on the less significant Tilon helped improve the overall stability of SpyEye.
Fox-IT says the conclusion that Tilon is in fact SpyEye2 is further supported by the sharp drop in Tilon activity since Panin's arrest.
Having now pleaded guilty, Panin could face many years in prison. He pleaded guilty to conspiracy to commit wire and bank fraud and admitted to being not only SpyEye's main developer but also its distributor. This does not, however, mean that his associates will stop developing the malware.
Fox-IT researchers note that SpyEye2 usage has declined significantly over the past year, and it appears the SpyEye era has come to an end, although the team behind it will most likely continue their activities in some form.
Softpedia.com published a concluding report on 27 February 2014: "Fox-IT sees the arrests of Gribodemon and other major figures of the underground grey economy, like Paunch, the developer of the popular BHEK (Blackhole Exploit Kit), as a factor reducing online crime activity worldwide. While other players can substitute their knowledge, these actors are significant linchpins interconnecting underground faith relations."
» SPAMfighter News - 10-03-2014