The Latest in IT Security

We’ve got our eye on Eyestye


Back in October 2011, we began to remove EyeStye variants using the Malicious Software Removal Tool (MSRT) in an effort to prevent the proliferation of this botnet. Today, we published a detailed MMPC Threat Report on this family. The report provides an in-depth analysis of how Win32/EyeStye works and the telemetry we have on its activity in 2011 and early 2012.

Win32/EyeStye is a family of trojans that attempt to steal sensitive data, such as logon credentials, from banking websites and other online properties. EyeStye does not spread on its own by default; instead, it is typically distributed using spam email messages and social engineering. In its effort to steal data, EyeStye lowers your browser’s security settings, making it possible to obtain online banking user names and passwords, credit card numbers, social security numbers, and other data. It then sends all its gathered information back to the operator.

The report examines the functionality of the bot: how it’s created, what it does to an infected computer, how it steals users’ data, and so on. It also discusses where this botnet has been the most prevalent, that is, what countries are most affected according to our data.

Download the report here. You can also read what our TWC friend Tim Rains has to say over here.

Happy reading!

-Jaime Wong
