Watch Freeks banner

1 - 1 of 1 Posts

24,243 Posts
Discussion Starter #1
imported post

The odds that a cybergang will stealthily turn your PC into a bot this summer and use it to carry out all manner of cyberattacks just notched notably higher.

That's the upshot of a premier hacker's toolkit, called SpyEye, recently being made accessible to cybercriminals of all stripes.

Security analysts anticipate a surge in SpyEye attacks the rest of this year. "Every level of criminal, from the lowest to the highest rungs, can now use one of the deadliest Swiss Army knife hacking toolkits in the world," say Sean Bodmer, senior threat intelligence analyst at network security firm Damballa.

It's been about a week since the keys to accessing SpyEye were publicly disclosed. So far 14 cyber-rings have taken advantage, using SpyEye to send commands to tens of thousands of infected PCs in the U.S. and Europe, according to Damballa research findings.

In the first six months of the year, SpyEye was being used by 29 elite gangs that collectively commanded at least 2.2 million infected PCs worldwide. SpyEye normally sells for up to $10,000. But, as of last week, the latest, most powerful version of SpyEye could be acquired for just $95, says Bodmer.

How this sudden discounting came to be — and the resulting security implications — highlight how complex larceny on the Web has become over the past few years.

SpyEye surfaced in late-2009 as a bigger, badder rival to ZeuS, then the premier hacker's toolkit. SpyEye quickly surpassed ZeuS. By the end of 2010, it had evolved into a pricey, user-friendly software program — sold, updated and copyrighted, much like any legitimate business application.

For a base price of $6,000, SpyEye put a sophisticated Internet-based management tool into the hands of the buyer. Optional plug-in programs pushed the price to $10,000.

Anatomy of a heist

Using SpyEye, a criminal can issue commands to networks of thousands of bots. SpyEye-run botnets have proved to be unstoppable. Criminals use them to deliver spam scams, conduct hacktivist attacks and booby-trap legit websites with infections that create more bots.

What's more, SpyEye may be best known for enabling thieves to orchestrate the systematic siphoning of cash from the online banking accounts of consumers and small organizations. Transactions security firm Trusteer has documented SpyEye-orchestrated banking account heists in action. SpyEye:

•Waits for the account holder to log into his or her online banking account.
•Collects the user's balance figure and determines whether the account is ripe for theft.
•Initiates money transfers invisibly.
•Transfers funds into a mule account that is set up and controlled by the thief to receive cash transfers.
•Erases any evidence of the fraudulent transfer.
•Adds the stolen amount back to the official account balance, as if nothing is amiss.

"SpyEye is very dynamic and versatile," says Amit Klein, Trusteer's chief technical officer. "We see it pushing new builds to the field on a weekly basis. These frequent updates enable SpyEye to be more elusive and less detectable."

Perpetual arms race

In early August, a French researcher, using the online handle Xyliton, discovered how to crack open SpyEye's licensing key, which unlocks the software for full use, complete with a tutorial. In doing so, Xyliton disabled a feature that requires licensed users to designate a name to their copy of the toolkit in an attribution field. Good-guy researchers use this attribution field to keep track of which crime rings are actively using SpyEye. Xyliton then published his findings on the Internet.

Skilled hackers quickly created simple programs to access full versions of SpyEye and began selling them for about $100, Damballa's Bodmer says.

Because of how the crack was carried out, the free and discounted versions of SpyEye recently put to use in attacks are much harder to distinguish, Bodmer says. "Not only is the toolkit now free or very cheap, but attributing usage to a specific criminal operator has become significantly more difficult," he says.

There is debate in tech security circles about whether Xyliton's disclosure did more harm than good. Some experts argue that tech security companies now have more detail about how cutting-edge hacking tools work, which should help with detection and filtering.

"White hats may now gain insight into the workings of (SpyEye), but this will not be the end of the perpetual arms race," says Etay Maor, cybercrime specialist at RSA, the security division of EMC.

Maor predicts that SpyEye's creators will fix the cracked licensing key, improve the core toolkit and push out advancements.

Others worry that botnets have been widely used this summer to conduct intensive Google searches — known as Google hacking — as part of campaigns to locate, then mass infect, more than 8 million Web pages published by smaller online merchants and professional firms. The PC of anyone who navigates to one of these infected small-business pages gets turned into a bot.

"Google hacking is often the first step to perform reconnaissance," says Rob Rachwald, strategy director at security firm Imperva. "It's very likely that SpyEye will be used for Google hacking, and leveraging SpyEye is imminent."
1 - 1 of 1 Posts