{
	"id": "f40dd331-0f10-4a89-8c27-5bfd374d9ce8",
	"created_at": "2026-04-06T00:12:56.916395Z",
	"updated_at": "2026-04-10T03:22:01.851689Z",
	"deleted_at": null,
	"sha1_hash": "09671587e3937697a21ac1b1494b20f224a02bac",
	"title": "SpyEye Trojan defeating online banking defenses",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43371,
	"plain_text": "SpyEye Trojan defeating online banking defenses\r\nBy Computerworld\r\nPublished: 2011-07-26 · Archived: 2026-04-05 23:39:47 UTC\r\nBanks are facing more trouble from SpyEye, a piece of malicious software that steals money from people’s online\r\nbank accounts, according to new research from security vendor Trusteer.\r\nSpyEye is a particularly nasty piece of malicious software: it can harvest credentials for online accounts and also\r\ninitiate transactions as a person is logged into their account, literally making it possible to watch their bank\r\nbalance drop by the second.\r\nIn its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have\r\nput in place to try and block fraudulent transactions, said Mickey Boodai, Trusteer’s CEO.\r\nBanks are now analyzing how a person uses their site, looking at parameters such as how many pages a person\r\nlooks at on the site, the amount of time a person spends on a page and the time it takes a person to execute a\r\ntransaction. Other indicators include IP address, such as if a person who normally logs in from the Miami area\r\nsuddenly logs in from St. Petersburg, Russia.\r\nSpyEye works fast, and can automatically and quickly initiate a transaction much faster than an average person\r\nmanually on the website. That’s a key trigger for banks to block a transaction. So SpyEye’s authors are now trying\r\nto mimic — albeit in an automated way — how a real person would navigate a website.\r\n“They used to pay less attention to the way they execute transactions on the bank’s website and now they are\r\nreally trying to show normal user patterns,” Boodai said. “\r\nBoodai said he has little idea of how successful SpyEye’s new evasion code is, although Trusteer does collect\r\nintelligence from banks that have distributed its browser security tool, Rapport, to their customers. Trusteer has\r\nalso noticed that SpyEye in recent months has expanded the number of financial institutions it is able to target in\r\nan increasing number of countries.\r\nNew target countries include Russia, Saudi Arabia, Bahrain, Oman, Venezuela, Belarus, Ukraine, Moldova,\r\nEstonia, Latvia, Finland, Japan, Hong Kong and Peru. What that means is that more criminal groups around the\r\nworld are purchasing the SpyEye toolkit, Boodai said.\r\nFinancial institutions continue to increase their security spending to protect online transactions, said Avivah Litan,\r\nan analyst at Gartner who regularly consults banks on security issues.\r\nEven to her, financial institutions are coy about revealing how hard they’ve been hit, but “everyone refers to Zeus\r\nor SpyEye — some as common as the word ‘teller'” Litan said.\r\nPolice have had some limited successes. In April, a 26-year-old Lithuanian and a 45-year-old Latvian were\r\ncharged with conspiracy to cause unauthorized modifications to computers, conspiracy to defraud and concealing\r\nhttps://www.computerworld.com/article/2509482/spyeye-trojan-defeating-online-banking-defenses.html\r\nPage 1 of 2\n\nproceeds from crime for allegedly using SpyEye. A third, 26-year-old man whose nationality was not revealed was\r\nbailed pending further questioning.\r\nSpyEye is actually a botnet with a network of command-and-control servers hosted around the world. As of\r\nTuesday, some 46 command-and-control servers were online, according to the SpyEye Tracker, a website\r\ndedicated to gathering statistics about the malicious software.\r\nThat is sharply up. In May, there were just 20 or so active servers responding to computers that were infected with\r\nSpyEye, said Roman Hüssy, who runs the site.\r\n“SpyEye is growing quite well,” he said.\r\nSend news tips and comments to jeremy_kirk@idg.com\r\nSource: https://www.computerworld.com/article/2509482/spyeye-trojan-defeating-online-banking-defenses.html\r\nhttps://www.computerworld.com/article/2509482/spyeye-trojan-defeating-online-banking-defenses.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.computerworld.com/article/2509482/spyeye-trojan-defeating-online-banking-defenses.html"
	],
	"report_names": [
		"spyeye-trojan-defeating-online-banking-defenses.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434376,
	"ts_updated_at": 1775791321,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/09671587e3937697a21ac1b1494b20f224a02bac.pdf",
		"text": "https://archive.orkl.eu/09671587e3937697a21ac1b1494b20f224a02bac.txt",
		"img": "https://archive.orkl.eu/09671587e3937697a21ac1b1494b20f224a02bac.jpg"
	}
}