The Top Forty Banks Targeted by the SpyEye Trojan

Wednesday, March 21, 2012



SpyEye is a particularly nasty piece of malicious software which can harvest credentials for online accounts.

SpyEye is known to be one of the more powerful data-sniffing Trojans ever developed, and the release of its source code last year made a dramatic increase in its use a very real prospect.

The SpyEye code, which was previously available to malicious attackers only on the black market for a hefty price in the vicinity of $10,000 or so, was leaked by a French researcher who goes by the handle Xyliton and is a member of the Reverse Engineers Dream (RED) outfit.

In September of 2011, researchers from security provider Trusteer identified a SpyEye variant in the wild which specifically targets Android devices. The new variant was designed to harvest text messages that contain a one-time use code sent to customers by institutions as an added security measure for clients engaged in mobile banking transactions, making SpyEye an even more powerful tool for stealing financial login credentials.

SpyEye developers also use the tactic of morphing, allowing the malware to automatically alter its code in order to thwart antivirus software and other security tools.

Researchers from security provider F-Secure have released a list of the top forty banks being targeted by SpyEye based on an analysis of available data.

"Variants of the SpyEye trojan target banks using a plugin called webinject.txt. We collected 1,318 samples in our back end that matched those from SpyEye Tracker's RSS Feed. Taking a look inside, we discovered that this collection of samples contains 632 different bank domains and that was the most targeted bank domain," F-Secure's M. Hyykoski wrote.

A graph of the top forty banks targeted as identified by F-Secure can be found here:

If being targeted by SpyEye is not concerning enough, online banking also has to contend with the Zeus Trojan. Zeus is widely hailed as one of the most dangerous pieces of malware to ever surface in the wild, and numerous variants of the malicious code continue to propagate.

The Zeus Trojan can lie dormant for long periods until the user of the infected machine accesses accounts such as those used for online banking. Zeus harvests passwords and authentication codes and then sends them to the attackers remotely.

"Don't see your bank on the list? Don't worry… if SpyEye doesn't target your bank, then perhaps ZeuS does," F-Secure quips.
