|
Edited on Mon Aug-22-11 04:32 AM by EV_Ares
Hacker toolkit SpyEye now available at a bargain price By Byron Acohido USA TODAY
The odds that a cybergang will stealthily turn your PC into a bot this summer and use it to carry out all manner of cyberattacks just notched notably higher. That’s the upshot of a premier hacker’s toolkit, called SpyEye, recently being made accessible to cybercriminals of all stripes. Security analysts anticipate a surge in SpyEye attacks the rest of this year. “Every level of criminal, from the lowest to the highest rungs, can now use one of the deadliest Swiss Army knife hacking toolkits in the world,” say Sean Bodmer, senior threat intelligence analyst at network security firm Damballa. It’s been about a week since the keys to accessing SpyEye were publicly disclosed. So far 14 cyber-rings have taken advantage, using SpyEye to send commands to tens of thousands of infected PCs in the U.S. and Europe, according to Damballa research findings. In the first six months of the year, SpyEye was being used by 29 elite gangs that collectively commanded at least 2.2 million infected PCs worldwide. SpyEye normally sells for up to $10,000. But, as of last week, the latest, most powerful version of SpyEye could be acquired for just $95, Bodmer says.
Using SpyEye, a criminal can issue commands to networks of thousands of bots. SpyEye-run botnets have proved to be unstoppable. Criminals use them to deliver spam scams, conduct hacktivist attacks and booby-trap legit websites with infections that create more bots. What’s more, SpyEye may be best known for enabling thieves to orchestrate the systematic siphoning of cash from the online banking accounts of consumers and small organizations. “SpyEye is very dynamic and versatile,” says Amit Klein, chief technical officer of transactions security firm Trusteer. Some experts worry that wider user of SpyEye could help accelerate another troublesome trend. Crime rings are stepping up the use of botnets to conduct intensive Google searches as part of campaigns to locate, then mass infect, Web pages of smaller online merchants and professional firms. More than 8 million Web pages have recently been infected. “It’s very likely that SpyEye will be used for Google hacking,” says Rob Rachwald, strategy director at security firm Imperva. “Leveraging SpyEye is imminent.”
|