
Trojan.Spyeye.B

Posted: July 29, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 7
First Seen: July 29, 2011
OS(es) Affected: Windows

Mal/SpyEye-B, also known as TR/Spy.SpyEyes.czv or TR/Injector.BI, is a spyware program that SpywareRemove.com malware experts have recently found being distributed through fake Facebook e-mail messages. These messages falsely claim that your account is about to be canceled and enclose a link for responding to the cancellation request. Although the link does lead to Facebook, the page it loads includes a malicious Java application that installs Mal/SpyEye-B and a second Trojan. Since Mal/SpyEye-B and other members of the SpyEye family can steal bank-related information without showing obvious symptoms, SpywareRemove.com malware researchers recommend using appropriate security software to detect and delete Mal/SpyEye-B whenever you suspect an infection. Some variants of Mal/SpyEye-B also include worm capabilities, so take care to avoid spreading Mal/SpyEye-B to other computers via removable drives or wireless networks.

Mal/SpyEye-B and the Smiling Face That Steals Your Bank Account

The latest Mal/SpyEye-B attacks have used the favorite malware-proliferating tactic of mass-mailed e-mail messages masquerading as legitimate alerts from authority figures; in Mal/SpyEye-B's case, that figure is Facebook, and its message is formatted to look similar to an actual Facebook message. Mal/SpyEye-B spam can be identified by the text below:

Hi [email address]

We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request

Thanks,
The Facebook Team

To confirm or cancel this request, follow the link below:
click here

As with any spam-related link, if you have doubts about whether a message is legitimate, you can avoid the risk simply by navigating to the site directly instead of using the enclosed link. SpywareRemove.com malware researchers have traced this link back to its source, which, ironically, really is a Facebook page – but a Facebook page that is hosting a malicious Java application. If you run the JavaScript package, you'll be prompted to install a Flash update that, instead of updating Flash, infects your PC with Mal/SpyEye-B and Troj/Agent-WHZ.

After installation, Mal/SpyEye-B can steal information entered into web browser forms or simply typed at the keyboard. Mal/SpyEye-B and other SpyEye variants use these capabilities to steal banking credentials such as usernames and passwords, although they can also be used to steal other types of private data. SpywareRemove.com malware experts warn that most SpyEye variants, Mal/SpyEye-B included, display no visible symptoms and no separate memory process, since they inject their code into normal Windows processes. Rootkit components can also allow Mal/SpyEye-B to remain active in Safe Mode, so be ready to use whatever safety measures are necessary to disable and remove Mal/SpyEye-B with an appropriate anti-malware application.

The Worm That Writhes Beneath Mal/SpyEye-B's Socializing Grin

Some variants of Mal/SpyEye-B also include worm-based functions; these versions of Mal/SpyEye-B are often identified by aliases such as Worm:Win32/Nusump, Trojan-Spy.Win32.SpyEyes, TrojanSpy.SpyEyes!ONex3HnVi08 or Worm/Nusump.A.10. Relevant attacks that SpywareRemove.com malware researchers recommend you guard against during any potential Mal/SpyEye-B worm infection include:

  • Infection via removable hard drives and local networks. Worm versions of Mal/SpyEye-B copy themselves to these locations automatically and can use Autorun exploits to infect any PC that accesses them.
  • Infection via Windows Live Messenger. Mal/SpyEye-B harvests your contact list and spams your contacts with links to itself without your consent. SpywareRemove.com malware researchers note that the links in these messages point to files on a remote server rather than sending file attachments from the infected PC.
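The removable-drive propagation above relies on Autorun, which reads an autorun.inf file from the root of the drive. The following script is an added example (not SpywareRemove.com tooling) that inspects the text of such a file and reports any [autorun] entry that would launch a program; the inf samples it contains are constructed, and the file name placeholder.exe is a stand-in, not a real indicator. A USB stick has no legitimate reason to auto-launch anything, so on removable media every such entry is worth examining.

```python
"""
Inspect an autorun.inf from a removable drive for entries that would launch a
program automatically. Added example, not SpywareRemove.com tooling; the
sample inf texts below are constructed and placeholder.exe is a stand-in name.
"""
import configparser

# Keys in the [autorun] section that cause Windows to run a command
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_launch_entries(inf_text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    # autorun.inf is INI-style; disable interpolation so '%SystemRoot%' is not misparsed
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.read_string(inf_text)
    entries = []
    for section in cp.sections():
        # Windows matches the section name case-insensitively ([AutoRun] == [autorun])
        if section.lower() != "autorun":
            continue
        for key in LAUNCH_KEYS:
            # configparser lowercases option names, so OPEN= and Open= both match
            if cp.has_option(section, key):
                entries.append((key, (cp.get(section, key) or "").strip()))
    return entries


def is_suspicious(inf_text):
    """On removable media any launch entry is a finding worth investigating."""
    return bool(autorun_launch_entries(inf_text))


# Constructed sample: the kind of autorun.inf a worm drops on a USB stick
CONSTRUCTED_WORM_INF = """
[autorun]
open=placeholder.exe
shellexecute=placeholder.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""

# Constructed sample: only cosmetic keys, nothing is launched
CONSTRUCTED_BENIGN_INF = """
[autorun]
icon=drive.ico
label=My USB Stick
"""

if __name__ == "__main__":
    for name, inf in (("worm", CONSTRUCTED_WORM_INF), ("benign", CONSTRUCTED_BENIGN_INF)):
        print(name, "->", autorun_launch_entries(inf), "suspicious:", is_suspicious(inf))
```

Windows also honours the icon, label and action keys, but those only change how the drive is presented; only open and shellexecute run a command, which is why the check is limited to them.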

Because Mal/SpyEye-B is a high-level PC threat in all of its variants, you should use anti-malware products to delete all of Mal/SpyEye-B's components if you suspect that your computer's been compromised by a Mal/SpyEye-B attack. SpywareRemove.com malware researchers also recommend keeping JavaScript disabled by default and only acquiring Flash-related updates from reputable sites since either of these safeguards will block Mal/SpyEye-B's favorite installation tactic.

Aliases

  • Trj/Downloader.MDW [Panda]
  • Agent2.AHRX [AVG]
  • Trojan-Spy.Win32.SpyEyes [Ikarus]
  • Trojan.Win32.Generic.pak!cobra [Sunbelt]
  • Trojan:Win32/Spyeye.B [Microsoft]
  • Trojan-Spy.Win32.SpyEyes!IK [a-squared]
  • Trojan/Win32.SpyEyes.gen [Antiy-AVL]
  • Win32/ASuspect.HAEFE [eTrust-Vet]
  • Mal/Spyeye-A [Sophos]
  • Heuristic.BehavesLike.Win32.Suspicious.H [McAfee-GW-Edition]
  • TR/Spy.SpyEyes.A [AntiVir]
  • Trojan.PWS.SpySweep.1 [DrWeb]
  • Trojan.Agent.AOOD [BitDefender]
  • Trojan-Spy.Win32.SpyEyes.h [Kaspersky]
  • Win32:Spyware-gen [Avast]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

C:\cleansweep.exe
  File name: cleansweep.exe
  Size: 103.93 KB (103936 bytes)
  MD5: e6ae410803e45c901b07303d3b6963f3
  Detection count: 7
  File type: Executable File
  Mime Type: unknown/exe
  Path: C:\cleansweep.exe
  Group: Malware file
  Last Updated: July 29, 2011

C:\Documents and Settings\<username>\Application Data\jxiz.exe
  File name: jxiz.exe
  File type: Executable File
  Mime Type: unknown/exe
  Path: C:\Documents and Settings\<username>\Application Data\jxiz.exe
  Group: Malware file

Registry Modifications

The following Registry values are newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  Taskman = C:\Documents and Settings\test user\Application Data\jxiz.exe
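The file and Registry indicators above can be checked without any vendor tooling. The script below is an added example, not SpywareRemove.com code: it takes a list of (path, content) pairs and the text of a `reg query` of the Winlogon key, so it runs offline against constructed input. The MD5, file names and Registry value are the ones listed on this page; the sample file contents are placeholders (so only the file-name checks fire, not the hash match), and the assumption that the Winlogon Taskman value is absent on a default Windows install is the author's, not the page's.

```python
"""
Offline check for the file and Registry indicators listed on this page.
Added example, not SpywareRemove.com tooling. Input is a list of
(path, bytes) file entries plus the text of `reg query` for the Winlogon key,
so nothing here touches a live Windows system.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Indicators taken from the page
CLEANSWEEP_MD5 = "e6ae410803e45c901b07303d3b6963f3"
IOC_FILE_NAMES = {"cleansweep.exe", "jxiz.exe"}
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# One value line of `reg query` output looks like "    Name    REG_TYPE    data"
REG_VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def check_file(path, data):
    """Findings for one file, given its Windows path and raw content."""
    findings = []
    name = PureWindowsPath(path).name.lower()
    if hashlib.md5(data).hexdigest() == CLEANSWEEP_MD5:
        findings.append(f"{path}: MD5 matches the cleansweep.exe indicator")
    if name in IOC_FILE_NAMES:
        findings.append(f"{path}: file name matches a listed indicator")
    return findings


def parse_reg_query(text):
    """Parse `reg query` output for one key into {value_name: (type, data)}."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = (m.group("type"), m.group("data").strip())
    return values


def check_winlogon(values):
    """Flag a Winlogon Taskman value; assumption: it is not set on a default install."""
    findings = []
    if "Taskman" not in values:
        return findings
    _, target = values["Taskman"]
    findings.append(f"Winlogon\\Taskman is set: {target}")
    if PureWindowsPath(target).name.lower() in IOC_FILE_NAMES:
        findings.append("Taskman target matches the jxiz.exe indicator")
    return findings


def scan(files, reg_query_text):
    """Run every check and return the combined list of findings."""
    findings = []
    for path, data in files:
        findings.extend(check_file(path, data))
    findings.extend(check_winlogon(parse_reg_query(reg_query_text)))
    return findings


# Constructed sample input: file contents are placeholders, not the real samples.
SAMPLE_FILES = [
    (r"C:\WINDOWS\system32\notepad.exe", b"placeholder-bytes-notepad"),
    (r"C:\cleansweep.exe", b"placeholder-bytes-cleansweep"),
    (r"C:\Documents and Settings\test user\Application Data\jxiz.exe", b"placeholder-bytes-jxiz"),
]

# Constructed `reg query` output in the layout the Windows tool prints
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
    Taskman    REG_SZ    C:\Documents and Settings\test user\Application Data\jxiz.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_FILES, SAMPLE_REG_QUERY):
        print(finding)
```

On a real machine you would feed `scan` the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"` and the contents of the two paths listed above; the hash check only confirms the exact sample the page describes, while the file-name and Taskman checks also catch renamed or rebuilt variants that reuse the same persistence location.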