Embed Size (px)
Citation preview
http://krebsonsecurity.com/2010/09/
Welcome to SpyEye
Front-end interface called “CN 1” or “Main Access Panel.”
Create task for billing a CCSpyEye Console
More billinghammer
Bot List
Bot Net Statistics
Upload a Task Fileinstruct the bot to go to a specific sit
(to generate clicks for possible ad revenue) or to possibly download more malware
Uploads configuration filesUpdates SpyEye binary files for the bots to download
Virtest is a website in Eastern Europe that allows logged-in users to scan binary files and exploit
packs to test if they are being detected by antivirus engines
Settings button
Socks 5 backconnetAllow the bot master to create reverse connections to the bot
SYN 1 or the Formgrabber Access Panel
Amount of data being collectedDate & Time
Search the database of stolen information
Search for a specific bankHhows the entire HTTP request
and all of the data the user sent to the bank
User namePassword
Overview of the sites that the infected computers
Bot master creates a .TXT file that will display FTP user names and passwords
Bot herder can specify an email address to receive a copy of the C&C server’s database
SpyEye can also capture screenshots from infected machines
For ExampleScreenshot of a user at home authenticating
with his/her bank login by using an onscreen keypad
Screenshot displaying all of the user’s account numbers and
how much money was in each account
Steals only Bank of America credential
Displays stolen credit card informationto use the user’s credit cards for the
Create task for Billing
Security certificates that SpyEye has stolen
