Data Storage Today

Lessons from the Demise of SpyEye

February 10, 2014 9:26AM

The mastermind of SpyEye has been captured. The tale of how SpyEye -- the tool of choice for hackers who routinely pilfer from online bank accounts -- overtook the pioneering banking Trojan ZeuS could fit in any textbook on entrepreneurship. What's more, it shows how business-like and resilient the world of criminal hacking has become.


The cyberunderground paused [to note] that Aleksandr Andreevich Panin, aka "Gribodemon," had pleaded guilty to charges pegging him as the mastermind of SpyEye.

SpyEye is the tool of choice for hackers who routinely pilfer from online bank accounts. It arose in 2009 as a cheaper imitation of the pioneering banking Trojan, ZeuS, which was the creation of a brilliant, young Russian programmer who goes by the aliases Slavik, A-Z, Umbro and Monstr.

ZeuS' creator remains on the loose.

The tale of how SpyEye overtook ZeuS could fit in any textbook on entrepreneurship. What's more, it demonstrates how business-like and resilient the world of criminal hacking has become.

Let's pick up the story circa 2009, with the help of Don Jackson, director of threat intelligence at security start-up PhishLabs, and Loucif Kharouni, researcher at anti-malware firm Trend Micro.

ZeuS is selling for as much as $8,000 to crime gangs expert at hijacking online bank accounts. ZeuS hacks require customized tuning of the attack code, and crews of hackers working in concert to pull off Ocean's Eleven-like heists.

Along comes SpyEye, a lean and modular banking Trojan selling for around $1,000. "While ZeuS was the infrastructure software for elite cybercrime crew operations, SpyEye became ZeuS for the masses," says Jackson.

Banking Trojans infect Internet-connected computers and give the attacker full control. Early versions of SpyEye even included a command to seek out and uninstall any previous ZeuS infection.

ZeuS' creator, Slavik, initially professed to be nonplused by the competition. "Slavik knew his software was great," Kharouni says. "It was well coded, and he had good, loyal customers."

After building a following, Gribodemon announced SpyEye would no longer uninstall ZeuS. "He realized it would be better for him to be seen as a straight up competitor," Kharouni says.

If Gribodemon was bold, Slavik was cautious. A deal was struck. Slavik gave Gribodemon ZeuS' customers and access to ZeuS' top secret source code.

"(Slavik) was relieved of commitments to support the small-time ZeuS operators while keeping his reputation intact," Jackson says. "The SpyEye author was handed ZeuS customers on a silver platter, backed by nothing less than an endorsement by the king of modern crimeware."

Kharouni believes Slavik sensed law enforcement closing in. "He realized it would probably be best for him to give his source code to Gribodemon and make a lot of noise around that, so people would say, 'He's taking his retirement and we won't hear from him again,'" Kharouni says.

In May 2011, Gribodemon's monopoly sustained a fracture. Someone leaked a copy of ZeuS' source code onto public forums, making it possible for any low-skilled programmer to create free versions of ZeuS or SpyEye.

Was it Slavik, who's believed to be in his late 20s?

And what's become of Slavik? Did he have a hand in creating the memory-parsing malware used to breach customer data?

"Did Slavik really retire for good? No, I don't think so," Kharouni says. "He probably just moved on to another project, changed his identity and started something new."

Jackson concurs: "I believe Slavik is still developing custom code for his top-tier clients of ZeuS."

© 2014 USA TODAY syndicated under contract with NewsEdge. All rights reserved.
