Variants of the SpyEye trojan target banks using a plugin called webinject.txt. We collected 1,318 samples in our back end that matched those from SpyEye Tracker's RSS Feed. Taking a look inside, we discovered that this collection of samples contains 632 different bank domains and that commerzbank.com was the most targeted bank domain.
Here's a graph of the top 40 banks targeted by SpyEye:
Click image to biggify.
The Y-Axis represents the number of instances a bank was referenced within the sample set.
And here's a table of the same:
Don't see your bank on the list? Don't worry… if SpyEye doesn't target your bank, then perhaps ZeuS does.
Click here to download an Excel file with the data above.