Usr6

SpyEye down- Ice IX up

As commercial crimeware construction tools go, SpyEye has been king of the hill for the last year or so – with dozens of cybercrime organizations adopting it as their attack platform of choice. But has its time come to an end already? In the competitive ecosystem of crimeware construction tools and attack delivery platforms, to maintain a lead, the engineers behind the tools have to continuously innovate and roll out new features to their subscriber-base. In the case of SpyEye, it looks like they’re falling behind and their customers are already switching platforms and providers.

Ever since the public leaking of the 1.3.45 SpyEye builder and some accompanying cracks, a menagerie of “unauthorized” SpyEye resellers and distributors have flooded the hacker forums with cut-price copies of the malware construction tool. As would-be SpyEye sellers tout their latest extensions, fake updates and fixes, the SpyEye original authors have bunkered down – focusing their attention upon only their most trusted customers, and not actively seeking more. As distrust spreads within the cybercriminal fraternity, a number of notable criminal operators have been moving to a new competitor on the block – “Ice IX”.

Ice IX, like its competitors (SpyEye, Zeus, TDL, Hiloti, Carberp, etc.), offers the same core crimeware construction functionality – malware builders, an attack delivery platform, and a management console – and also makes extensive use of third-party developed Web Inject content to extract valuable data from its victims. What makes Ice IX so interesting to (former) SpyEye customers is that it’s being actively maintained and is proving to be a reliable attack platform against even newly patched victims – not to forget being much cheaper too.

Over the last few months Damballa Labs have been tracking a number of criminal operators as they replace their SpyEye installations and migrate to the new Ice IX platform. It is only a trickle at the moment, but we can probably expect more SpyEye operators to transition to other better-supported crimeware construction platforms throughout the year.

To understand why SpyEye is losing out to Ice IX, my colleague Sean Bodmer has pulled together a Research Note on the topic – where he details the cybercriminal migration between attack platforms and discusses the impact on some of the larger (former) SpyEye-based operators we’re tracking.

The Research Note – “SpyEye, being kicked to the curb by its customers?” can be found at http://www.damballa.com/downloads/r_pubs/RN_SpyEye-Kicked-to-Curb_Bodmer.pdf

Source
