Idappcom blames hacktivists for SpyEye DDoS enhancements

14th March 2011 - The blame for a DDoS - distributed denial of service - enhancement being added on the infamous SpyEye ebanking malware has been laid at the feet of the WikiLeaks hacktivists by Idappcom.

According to the data traffic analysis and security specialist, it was almost certainly the development - and propagation - of the LOIC DDoS utility by supporters of the Anonymous hacktivist group) that spurred cybercriminals into adding the `feature' to SpyEye.

"What we have been witnessing in the black hat hackersphere these last few months is a mirror image of evolutions in the so-called white hat security arena," said Anthony Haywood, Idappcom's chief technology officer.

"The development of the Low Orbit Ion Cannon DDoS utility showed that it is possible for a few concerted Internet users to stage a powerful DDoS attack on major sites such as MasterCard ( and this, in turn, made the cybercriminals behind SpyEye realise its potential and add the `feature' the online banking trojan," he added.

The Idappcom CTO went on to say that, had the Anonymous/WikiLeaks DDoS utility not been developed, then the world - on both sides of the white/black hat hacker divide - would have remained largely ignorant of what a powerful weapon a DDoS utility is.

SpyEye, he explained, is a form-grabbing trojan horse malware that operates in a similar manner to Zeus but has been marketed by cybercriminals as a lower-cost alternative darkware application that heists banking credentials from infected users' PCs.

The irony of the DDoS enhancement to SpyEye, Haywood says, is that it will push the price of SpyEye rentals to cybercriminals, and so increase the revenue stream for the developers of the trojan.

"Idappcom's in-depth research into darkware-driven side of Internet traffic, makes us realise what a breakthrough the DDoS enhancement to SpyEye really is. We already know that the development team behind the Zeus trojan has also been working on SpyEye since last October ( so it can only a matter of time before Zeus gets this enhancement as well," he said.

"This development really is bad news for those users of the Internet who access their banking system online, as it breathes new life into SpyEye, and prolongs the agony of online banking cybercrime," he added.

"It's to be hoped that the citizen evangelists realise the immense mistake they made in developing such a powerful cybercrime weapon as the LOIC utility, and that the genie really is now well and truly out of the bottle."

For more on the SpyEye DDoS enhancements:

For more on Idappcom: