NEWS FROM THE LAB - Tuesday, March 20, 2012

Is your bank on SpyEye's Top 40 list? Posted by ThreatResearch @ 16:37 GMT

Variants of the SpyEye trojan target banks using a plugin called webinject.txt. We collected 1,318 samples in our back end that matched those from SpyEye Tracker's RSS Feed. Taking a look inside, we discovered that this collection of samples contains 632 different bank domains and that commerzbank.com was the most targeted bank domain.

Here's a graph of the top 40 banks targeted by SpyEye:

SpyEye's Top 40 Banks
Click image to biggify.

The Y-Axis represents the number of instances a bank was referenced within the sample set.

And here's a table of the same:

List of SpyEye's Top 40 Banks

Don't see your bank on the list? Don't worry… if SpyEye doesn't target your bank, then perhaps ZeuS does.

Click here to download an Excel file with the data above.


Analysis by — M. Hyykoski