SpyEye Patch Source Code Is a Double-Edged Sword

The source code for a patch that strips protection from the builder so the SpyEye malware development kit can be disassembled is now publicly available thanks to Xyliton and the Reverse Engineers Dream Crew (RED Crew). At face value, this is great news because it helps the security industry understand and combat SpyEye, but there is also a down side.

Opening the secrets of the software will help security researchers combat the threat, but it also exposes the source code to other malware developers who can now adapt and morph SpyEye into a new, more insidious threat. Just as the security industry unveils and defangs SpyEye, new SpyEye variants will appear that continue to thwart efforts to block it.

[Image caption: Exposing SpyEye source code helps both security researchers and cyber criminals.]

A blog post from Damballa Labs declares, "SpyEye has been on everyone's priority list of threat discussions for quite some time, and is now going to become an even more pervasive threat. The same thing happened when the Zeus kit source code was released in March 2011."

Breaking into the source code is great news for the security research and anti-malware communities. The best way to develop effective defenses for SpyEye attacks is to understand the inner workings of the malware development kit itself, and be able to identify unique aspects of SpyEye threats so they can be blocked.

Unfortunately, because the crack (the patch that unlocks the SpyEye builder) has been released to the public, its use is not limited to ethical security researchers. Purchasing the SpyEye malware development kit bundle costs about $10,000, but now would-be cyber criminals can keep their cash and set up shop for free by finding a leaked copy of the SpyEye malware kit and using this crack.

The Damballa blog post warns, "Reverse Engineering is nothing new, but putting in the hands of babes one of the most powerful cyber threats today, 'for free', is something that will mean even more sleepless nights for security administrators."

Sean Bodmer, Senior Threat Intelligence Analyst for Damballa, explains, "Damballa labs has been tracking dozens of new Zeus bot operators since the leak earlier this year, and now that SpyEye has been outed it is only a matter of time before this becomes a much larger malware threat than any we have seen to date."

Bodmer sums up, "So for the next few months, please hold onto your seats people... this ride is about to get very interesting."

Tony Bradley

You can follow Tony on his Facebook page, his Google+ profile, or contact him by email at tony_bradley@pcworld.com. He also tweets as @TheTonyBradley.
