Dissecting SpyEye - Understanding the design of third generation botnets

Authors:
Aditya K. Sood;Richard J. Enbody;Rohit Bansal
Affiliations:
Department of Computer Science and Engineering, Michigan State University, East Lansing, MI, USA;Department of Computer Science and Engineering, Michigan State University, East Lansing, MI, USA;SecNiche Security Labs, USA
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2013

Citing 14
Cited 1

Understanding the network-level behavior of spammers

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Measurement and analysis of spywave in a university environment

NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Botnet Research Survey

COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
BitBlaze: A New Approach to Computer Security via Binary Analysis

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Automating analysis of large-scale botnet probing events

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
BotCop: An Online Botnet Traffic Classifier

CNSR '09 Proceedings of the 2009 Seventh Annual Communication Networks and Services Research Conference
A Survey of Botnet and Botnet Detection

SECURWARE '09 Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies
Your botnet is my botnet: analysis of a botnet takeover

Proceedings of the 16th ACM conference on Computer and communications security
Unpacking virtualization obfuscators

WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Protecting Web 2.0 Services from Botnet Exploitations

CTC '10 Proceedings of the 2010 Second Cybercrime and Trustworthy Computing Workshop
The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet

Proceedings of the 26th Annual Computer Security Applications Conference
MasterBlaster: Identifying Influential Players in Botnet Transactions

COMPSAC '11 Proceedings of the 2011 IEEE 35th Annual Computer Software and Applications Conference

Editorial: Editorial for Computer Networks special issue on ''Botnet Activity: Analysis, Detection and Shutdown''

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Botnet malware is improving with the latest (3rd) generation exemplified by the SpyEye and Zeus botnets. These botnets are important to understand because they target online financial transactions, primarily with banks. In this paper, we analyze the components from multiple generations of the SpyEye botnet in order to understand both how it works and how it is evolving. SpyEye is a sophisticated piece of malware with a modular design that eases the incorporation of improvements. We will discuss in detail the complete framework of SpyEye botnet consisting of the Bot Development Kit (BDK), the plugin architecture, the backend storage server, the bot design and the web-based Command and Control (C&C) management system. In addition, we also examine the techniques used by SpyEye to steal money.