Variants of the SpyEye trojan target banks using a plugin called webinject.txt. We collected 1,318 samples in our back end that matched those from SpyEye Tracker’s RSS Feed. Taking a look inside, we discovered that this collection of samples contains 632 different bank domains and that commerzbank.com was the most targeted bank domain.
Here’s a graph of the top 40 banks targeted by SpyEye:
Click image to biggify.
The Y-Axis represents the number of instances a bank was referenced within the sample set.
And here’s a table of the same:
Don’t see your bank on the list? Don’t worry. if SpyEye doesn’t target your bank, then perhaps ZeuS does.
Click here to download an Excel file with the data above.
Analysis by – M. Hyykoski
Leave a reply