BotNet Spyeye Explain + Link Downloads

12:13    2 comments

The SpyEye toolkit is similar to Zeus in a lot of ways. It contains a builder module for creating the Trojan bot executable with config file and a Web control panel for command and control (C&C) of a bot net. Some of the advertised features online are:
•    Formgrabber (Keylogger)
•    Autofill credit card modules
•    Daily email backup
•    Encrypted config file
•    Ftp protocol grabber
•    Pop3 grabber
•    Http basic access authorization grabber
•    Zeus killer
New revisions of SpyEye, with additional features, are being released on a regular basis. The latest version (V1.0.7) contains an interesting new feature called “Kill Zeus” that we have yet to substantiate. SpyEye hooks the same Wininet API (Wininet.dll) HttpSendRequestA as used by Zeus for communications. If a compromised system infected with SpyEye was also infected with Zeus, this in turn would allow SpyEye to grab and report on http requests sent to the Zeus C&C server.

An example of Zeus C&C server report taken from underground forum

The new Kill Zeus feature is optional during the Trojan build process, but it supposedly goes as far as allowing you to delete Zeus from an infected system—meaning only SpyEye should remain running on the compromised system. If the use of SpyEye takes off, it could dent Zeus bot herds and lead to retaliation from the creators of the Zeus crimeware toolkit. This, in turn, could lead to another bot war such as we have seen in the past with Beagle, Netsky, and Mydoom.

An example of the SpyEye Trojan builder control panel

Another feature of SpyEye is the ability to load additional threats onto infected SpyEye systems, by country, using the SpyEye control panel GUI as shown below:
Tutorial Install Botnet Spyeye

Password:Spybot

2 commentaires:

Inscription à : Publier les commentaires (Atom)