Aug 16, 2011 10:24 GMT

The builder application for the SpyEye trojan has been cracked, prompting fears that the number of infections will spike and that botnets will be harder to trace back to their creators.

Along with ZeuS, SpyEye is one of the most sophisticated and popular trojans used by cyber fraudsters to steal online banking credentials and other financial information.

SpyEye appeared as an alternative to ZeuS, the absolute king of online banking trojans, but last year both crimeware toolkits ended up under the supervision of the same developer who planned to merge them together.

According to a recent report from security vendor Trusteer, ZeuS remains the most widely used crimeware toolkit, particularly because its source code leaked earlier this year, which allowed anyone to create new samples.

The company claims that ZeuS infections outnumber SpyEye's four to one, but the latter threat is rapidly gaining market share.

The SpyEye business model is similar to that of most crimeware toolkits. The main author, Hardeman, sells the trojan builder to "blacksmiths."

Each of the blacksmiths has a unique hardware-dependent key which they use to generate customized trojan clients. They usually do this for a fee for hackers lower down the food chain.

Security experts from security vendor Damballa warn that a security researcher named Xyliton, who is part of the Reverse Engineers Dream Crew (RED Crew), has managed to patch the SpyEye builder so it no longer requires the encryption key.

This means that anyone can now grab the toolkit, patch it, and start generating their own custom trojans for free. On one hand, this helps security researchers better understand how SpyEye works, but on the other, it will probably lead to an increase in the number of SpyEye samples.

"The source, and the ability to ‘zero out’ the builder’s name is already being seen in SpyEye Tracker binaries as of today, 8/11/2011. So, in less than 12 hours, the world of cyber criminals are utilizing the silver platter they have been handed," the Damballa researchers warn.