Wednesday 22 December 2010

SpyEye v1.2.99 protection sucks


Like all the other versions, it's done the same way...




Time to analyze now.

By Anonymous on the 14th of Dec (I found this on Pastebin):
(8:05:51 AM) gribo-demon@jabber.ru: Sure.
(8:06:14 AM) gzero@thesecure.biz/1220123471291729716474396: Glad to hear from you Sir :
(8:06:31 AM) gzero@thesecure.biz/1220123471291729716474396: Good holiday?
(8:06:36 AM) gribo-demon@jabber.ru: Yeah.
(8:06:40 AM) gzero@thesecure.biz/1220123471291729716474396: U needed it man...
(8:07:29 AM) gribo-demon@jabber.ru: I have really much work now.
(8:07:33 AM) gribo-demon@jabber.ru: And i am busy.
(8:07:33 AM) gribo-demon@jabber.ru: =)
(8:07:36 AM) gzero@thesecure.biz/1220123471291729716474396: As ever!
(8:07:45 AM) gzero@thesecure.biz/1220123471291729716474396: May I ask gribo
(8:07:49 AM) gribo-demon@jabber.ru: ?
(8:07:55 AM) gzero@thesecure.biz/1220123471291729716474396: Do you do this AND a legit jov
(8:07:56 AM) gzero@thesecure.biz/1220123471291729716474396: job*
(8:08:08 AM) gzero@thesecure.biz/1220123471291729716474396: or is it just malware development?
(8:08:26 AM) gzero@thesecure.biz/1220123471291729716474396: I cannot imagine where you find the time if you also have a job
(8:08:26 AM) gribo-demon@jabber.ru: Legit job is sucks.
(8:08:32 AM) gzero@thesecure.biz/1220123471291729716474396: Yep ;)
(8:08:35 AM) gzero@thesecure.biz/1220123471291729716474396: So i quit
(8:08:41 AM) gribo-demon@jabber.ru: Just malware development. =)
(8:08:46 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:08:49 AM) gzero@thesecure.biz/1220123471291729716474396: and is it true?
(8:08:54 AM) gribo-demon@jabber.ru: Yep.
(8:08:58 AM) gzero@thesecure.biz/1220123471291729716474396: monstr has bowed out :p
(8:09:34 AM) gzero@thesecure.biz/1220123471291729716474396: and that you will merge the two projects?
(8:10:12 AM) gzero@thesecure.biz/1220123471291729716474396: i will let you get back to your work ;)
(8:10:20 AM) gribo-demon@jabber.ru: Yeah. I am already analyse code of Zeus IE webinjects. And insert it into SpyEye.
(8:11:09 AM) gzero@thesecure.biz/1220123471291729716474396: :o
(8:11:19 AM) gzero@thesecure.biz/1220123471291729716474396: Zeus injects were more effective!
(8:11:21 AM) gzero@thesecure.biz/1220123471291729716474396: :p
(8:11:28 AM) gzero@thesecure.biz/1220123471291729716474396: This I can't believe ;)
(8:11:43 AM) gzero@thesecure.biz/1220123471291729716474396: Oh! There is one thing, may I have the latest BC + Collector
(8:11:47 AM) gzero@thesecure.biz/1220123471291729716474396: long story i lost mine
(8:11:51 AM) gzero@thesecure.biz/1220123471291729716474396: but it is not urgent
(8:11:59 AM) gribo-demon@jabber.ru: [*] SpyEyeCollector.v0.3.9.rar
http://www.sendspace.com/file/1iaqf9
passw: spyEYE
(8:12:05 AM) gribo-demon@jabber.ru: ftpbc_v0.31b.rar
http://www.sendspace.com/file/l3y8oo
passw: spyEYE

socks_v0.31b.rar
http://www.sendspace.com/file/1dh00e
passw: spyEYE

bc_server_v0.31b.rar
http://www.sendspace.com/file/erxyzk
passw: spyEYE
(8:12:25 AM) gzero@thesecure.biz/1220123471291729716474396: much love Gribo
(8:12:31 AM) gzero@thesecure.biz/1220123471291729716474396: and i have missed you man ;)
(8:12:41 AM) gzero@thesecure.biz/1220123471291729716474396: it's not just the cool software you know
(8:13:01 AM) gribo-demon@jabber.ru: [*] SpyEye v1.2.99.39:
http://www.sendspace.com/file/6abmmr
passw: spyEYE
(8:13:05 AM) gzero@thesecure.biz/1220123471291729716474396: CHRIST
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: ok thanks :p
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:13:16 AM) gzero@thesecure.biz/1220123471291729716474396: OH
(8:13:25 AM) gzero@thesecure.biz/1220123471291729716474396: i am setting up with a traffic guy
(8:13:31 AM) gzero@thesecure.biz/1220123471291729716474396: we're setting up a load of stuff
(8:13:40 AM) gzero@thesecure.biz/1220123471291729716474396: but soon, if u need good traffic
(8:13:44 AM) gzero@thesecure.biz/1220123471291729716474396: we can help
(8:13:50 AM) gribo-demon@jabber.ru: cool. thnx
(8:13:55 AM) gzero@thesecure.biz/1220123471291729716474396: but dude, its fucking great to hear from u ;)
(8:14:04 AM) gzero@thesecure.biz/1220123471291729716474396: we were quite worried at first!
(8:14:07 AM) gzero@thesecure.biz/1220123471291729716474396: clearly
(8:14:11 AM) gzero@thesecure.biz/1220123471291729716474396: u were away somewhere
(8:14:28 AM) gzero@thesecure.biz/1220123471291729716474396: Señoritas and Sangria ;)
(8:16:32 AM) gzero@thesecure.biz/1220123471291729716474396: anyways
(8:16:35 AM) gzero@thesecure.biz/1220123471291729716474396: Peace bro
(8:16:42 AM) gzero@thesecure.biz/1220123471291729716474396: and send my love to James :p

1 comment:

  1. That gzero guy is one ass kisser. I guess such malware coders all get the beautiful cheerleaders.
