In late December 2009 a new crimeware toolkit emanating from Russia—known as SpyEye V1.0—started to appear for sale on Russian underground forums. Retailing at $500, it is looking to take a chunk of the Zeus crimeware toolkit market.
The SpyEye toolkit is similar to Zeus in a lot of ways. It contains a builder module for creating the Trojan bot executable with its config file, and a Web control panel for command and control (C&C) of a botnet. Some of the features advertised online are:
• Formgrabber (Keylogger)
• Autofill credit card modules
• Daily email backup
• Encrypted config file
• FTP protocol grabber
• POP3 grabber
• HTTP basic access authorization grabber
• Zeus killer
New revisions of SpyEye, with additional features, are being released on a regular basis. The latest version contains an interesting new feature called “Kill Zeus” that we have yet to substantiate. SpyEye hooks HttpSendRequestA, the same WinINet API function (Wininet.dll) that Zeus uses for communications. If a compromised system infected with SpyEye were also infected with Zeus, this hook would in turn allow SpyEye to grab and report on HTTP requests sent to the Zeus C&C server.
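A defender can look for this kind of interception by comparing the in-memory prologue of HttpSendRequestA with the bytes in the on-disk Wininet.dll. The sketch below is an added example, not code from the original post; it assumes the hook is an inline patch of the function's first bytes (the post does not say which hooking method is used), and all addresses and byte strings are constructed.

```python
import struct

# Constructed sample values (assumptions, not taken from a real system):
# a 32-bit process with wininet.dll mapped at MOD_BASE and
# HttpSendRequestA starting at FUNC_VA.
MOD_BASE, MOD_SIZE = 0x76A00000, 0x000F5000
FUNC_VA = 0x76A4C120
# Hot-patchable x86 prologue: mov edi,edi / push ebp / mov ebp,esp / sub esp,10h
DISK_PROLOGUE = bytes.fromhex("8bff558bec83ec10")
# Constructed patched prologue: first 5 bytes replaced by "jmp 0x00A31000"
HOOKED_SAMPLE = bytes.fromhex("e9db4efe8983ec10")


def redirect_target(code: bytes, va: int):
    """Return the address the first instruction transfers control to, or None."""
    if len(code) >= 5 and code[0] == 0xE9:                      # jmp rel32
        return (va + 5 + struct.unpack_from("<i", code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 2 and code[0] == 0xEB:                      # jmp rel8
        return (va + 2 + struct.unpack_from("<b", code, 1)[0]) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:  # push imm32; ret
        return struct.unpack_from("<I", code, 1)[0]
    return None


def check_prologue(mem: bytes, disk: bytes, va: int, base: int, size: int) -> str:
    """Classify the in-memory prologue of an exported function."""
    if mem[:len(disk)] == disk:
        return "clean"
    target = redirect_target(mem, va)
    if target is None:
        return "modified"               # bytes differ, no recognised redirect
    if base <= target < base + size:
        return "redirect-internal"      # stays inside the module
    return f"hooked -> 0x{target:08x}"  # control leaves wininet.dll: investigate


if __name__ == "__main__":
    for name, sample in (("disk copy", DISK_PROLOGUE), ("patched", HOOKED_SAMPLE)):
        print(name, check_prologue(sample, DISK_PROLOGUE, FUNC_VA, MOD_BASE, MOD_SIZE))
```

A "hooked" verdict only says that control leaves the module; security products also patch this function, so the owner of the target address still has to be identified.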
The source of the SpyEye loader and builder has been released by Xylitol.
Cracked by: Xylitol
Protection: VMProtect (bypass)
Operating System: WinAll
Web site: n/a
Release date: 12/03/2011
Release type: Loader
For ANALYSIS Purpose ONLY
Links to all information sources: