Bastard child of SpyEye/ZeuS merger appears online

Discussion in 'malware problems & news' started by LoneWolf, Jan 25, 2011.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    The Register
     
  2. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Interesting and scary article! In a couple of years the antiviruses are going to be obsolete. We should reconsider the security setup to face the new wave of the internet threats...
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From the link that LoneWolf posted:
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    SpyEye 1.3, played with it a couple of days ago.
     
  5. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    They should look to the underground forums or malware reviewing places. SpyEye with anti-Rapport module is readily available.
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Have you tested it against SafeOnline, Spyshelter and Zemana anti-logger? They should protect against it.
     
  8. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    No lol :) not usually with such tools unless there's some specific claim either side. I see what AVs think of it through VT, then look at its makeup, see what it's doing and how.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I couldn't figure from the article, has Trend Micro actually tested that sample against Rapport? Or, all that was mentioned is that this sample has "capabilities" of bypassing Rapport? Because, one thing is to have "capabilities", another to actually do it.

    o_O

    My opinion is that, when some security vendor in possession of some sample mentions in their blog an article stating that the sample bypasses a security product from another security vendor, some evidence should be provided, not just what the sample says it can do. Otherwise, they're just spreading FUD, IMO.

    At least, that's how I see it. ;)
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,726
    Location:
    localhost
    http://www.trusteer.com/blog/alleged-newmerged-spyeye-and-rapport

    Conclusion: A lot of noise for nothing :)
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
  12. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,921
    Location:
    U.S.A.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, the way I see it, the report from Seculert is nothing more than advertisement to their product(s).

    Now, this is some serious work, IMO. Sure, only regarding ZeuS, but I wonder if others (security vendors, no? OK. lol) do pressure what would come out of this? After all, who wants a bad reputation and to be widely blocked? Bad for business, right?

    -http://www.abuse.ch/?p=3130

    I enjoy this person's work. It's lovable, IMHO.
     
  14. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,921
    Location:
    U.S.A.
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Scary stuff, once physically infected. Thanks for posting.
     
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    The SpyEye Tracker website, mentioned in the last JRViejo linked article above, has interesting info. link
    Numbers show 49 SpyEye C&C servers (with files) today, yesterday it was 48, Tuesday was 46, last May only 20; spreading like wildfire...
    Thanks for updating, JRViejo.
     
  17. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,921
    Location:
    U.S.A.
    J_L & Baserk, you're both welcome! Take care.
     
  18. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    It's not scary. If it's computer code, it can be reversed

    and thank God we have some excellent experience here and there

    so no worries :rolleyes:

    Once a sample gets caught, sooner or later a fix will be available

    :D
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    It is scary for online bankers who lost money, which is harder to fix.
     
  20. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Personally, I don't see the problem. At least for me in Sweden, if someone hacks my banking account and takes all my money, I get all money back from the bank anyway because it's considered a 'robbery'. Not sure what it's like in America though.
     
  21. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I don't expect antivirus programs to be obsolete in a few years.
    I can't think of an alternative.
    Nothing provides 100% protection.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Antiviruses are already obsolete... they're just the easiest to set up.
     
  23. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    That is why I use DefenseWall. :thumb:
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    DefenseWall is great, I just wish there were 64-bit versions. 32-bit is quickly becoming obsolete... and if I didn't feel like an argument I'd go so far as to say it already is.
     
  25. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    I'll probably be on 32 bit for a while. I'm between jobs right now so I can't afford to buy a 64 bit version of Windows. I'm glad there are programs as good as DefenseWall for 32 bit.
     