Recently I wrote a three-part series of articles (part 1, part 2, part 3) on the evolving threat landscape in the European Union. As I wrote in these articles, there has been a steep rise in the malware infection rates in some European countries that typically have some of the lowest malware infection rates in the world: Austria, Germany, Italy, and the Netherlands. Four specific families of threats contributed to the steep rise in the malware infection rates in these locations: Win32/EyeStye, Win32/Zbot (also known as Zeus), Win32/Keygen, and Blacole.
Yesterday I published an article with more details on Blacole called “The Rise of the ‘Blackhole’ Exploit Kit: The Importance of Keeping All Software Up To Date.”
Today, the Microsoft Malware Protection Center (MMPC) published a new threat report that provides deep technical analysis on the threat most responsible for driving the trend we are seeing in the EU: Win32/EyeStye (a.k.a. SpyEye).
Win32/EyeStye is a family of Trojans that attempt to steal sensitive data, such as logon credentials, from banking websites and other online properties, and then send this data to a remote attacker. EyeStye is distributed commercially in the form of a builder kit. Modules or plug-ins are also available.
This paper is recommended reading for security professionals on the front lines of trying to defend their organizations and people from threats like EyeStye.
Director, Trustworthy Computing