Wednesday, 19 October 2011

SpyEye C&C... Hack Them All.

Just found another vulnerable variable on the latest SpyEye frmcp, possibility to upload a shell (as usual on SpyEye) take infos from db etc..
This vulnerability is weak, i don't really care of publishing it.
There is ALOT of others way to get into latest panels.
Anyway, that short (and lame) to make a post just for that, so let's talk about some mod, recently i've hacked some panels who had unusual stuff (and not 'mod' like the bug grabber who i also see that not often) but shit like that:

The Get Info is a shortcut for the bots list
You just have to enter the guid for display infos:

The 'Bots list' is used to separate good bots from bad bots
Bad bots = normal people Facebook etc
Good bots = Bank transfer, billpay, etc 

Or for recognise used bots, marking some bots as socks for example.

'Jabber' is for receive logs from certain bots
He can also setup the report interval, so each 30 mins he gets reports on jabber

Most interesting now: the Video Grabber (videograbber.dll) plugin on the frmcp

Videos are recorded in the Matroska video format and sent directly to the collector.
He can set the time max for stop recording the video etc.. on the config file

Video of a guys who log to facebook

Good quality, the video file size is arround ~383 Kb for 20secs on this panel.

download function, get files from the db:

Thank you for spyeye builder and leak, but I do not find vulnerabilities for money (and i've already all your stuff btw), I do it for fun :þ (and for annoy some guys)

Would be nice to have a coffeegrabber.dll


  1. They're getting smarter and smarter in joining more libs and adding new functions in those shits..., good work!

  2. great job bro, keep it up :). lol@ coffeegrabber and foodgrabber

  3. Looks like our favourite malware author likes playing games in his spare time.

  4. @Anonymous
    he 'showed up' his ip on many russian sites before he started developing spyeye, the thing is spyeye is a good media and av-vendor brand