
SpyEye Trojan Source Code Leaked

Posted by Soulskill
from the without-the-consent-of-major-league-baseball dept.
wiredmikey writes "The SpyEye malware kit has long been both the bane of unsuspecting victims and a boon for cyber-criminals. Now, according to security researchers, the situation may have taken a turn for the worse. The SpyEye Builder patch source code for release 1.3.45 was leaked by the Reverse Engineers Dream Crew (RED Crew) recently after a crew member was able to locate a copy of SpyEye Builder 1.3.45 and create a tutorial that enables a reader with SpyEye Builder to crack the hardware identification."

  • by Anonymous Coward

    from the without-the-consent-of-major-league-baseball dept.

    really? that's the best phrase you came up with?

    • Re: (Score:2, Informative)

      by Anonymous Coward

      It's from the Simpsons episode "Brother's Little Helper."

      *TWELVE YEAR OLD SPOILER WARNING*

      Major League Baseball is found to be spying on Americans with spy satellites.

  • More info (Score:3, Informative)

    by Anonymous Coward on Monday August 15, 2011 @06:04PM (#37100726)

    From ComputerWorld [computerworld.com]: "SpyEye is a particularly nasty piece of malicious software: it can harvest credentials for online accounts and also initiate transactions as a person is logged into their account, literally making it possible to watch their bank balance drop by the second."

    The malware kit is normally sold to criminals, with each sold copy protected by an encryption scheme of some kind. This encryption scheme was cracked and the source code also released, so anyone can now freely compile the software. The malware also uses a botnet to perform transactions using compromised banking credentials. It's not clear if the hack also enables one to set up or control the botnet aspect. However, one could presumably make use of the capability to directly initiate transactions on the victim's computer.

    And to think I just got all my online accounts linked together to make my life easier!

  • on the good side (Score:4, Insightful)

    by kwikrick (755625) on Tuesday August 16, 2011 @02:21AM (#37104120) Homepage Journal

    with the source code out, it should be easy to plug the security holes that the spyware uses, and it should be easy to generate hashes and heuristics for virus scanners to detect spyware on infected computers. In theory anyway.

    • ... Or make variants of the spyware which avoid said heuristics.

      Sir, I'd like you to meet my friend, the double-edged sword...

      • by Anonymous Coward

        "No shit, everything is a double-edged sword. Even a single-edged sword is a double-edged sword. Because on the one hand it's sharp but on the other hand it's dull....a single-edged sword is a double-edged sword."
        --Louis C. K.

  • They should do this more often.
    It is not that they will get sued for copyright infringement or revealing trade secrets ...

    If all malware were put freely on the internet, wouldn't that dry up some of the revenue streams for the authors? Sure, you will briefly see a spike in derivatives, but I believe the way to combat covert actions is not by covert counter-actions, but by bringing it all in the open.

    When you consider this to be a battle, there are a number of things which would make sense:

    1) Choose your ba
