Thanks, I will take a look at that one. I have several disk and memory images from tests with (what the scanners call) SpyEye and Zeus. I can compare them.
The malware scanners don't use a common naming scheme, which confuses things.
 
Question to MHL: what criteria or marker do you use to classify SpyEye, Zeus and Silent Banker?
And, if you have a criterion to identify the new version in the article below, I would love to know what it is.
 
Best,
Mike
 
> Date: Wed, 29 Feb 2012 12:32:16 -0500
> Subject: Re: [Vol-users] strings for new SpyEye
> From: jamie.levy@gmail.com
> To: dragonforen@hotmail.com
> CC: vol-users@volatilityfoundation.org
>
> MHL put up a SpyEye memory sample on the FAQ wiki
> (http://code.google.com/p/volatility/wiki/FAQ#Are_there_any_public_memory_samples_available_that_I_can_use_for)
> earlier that might be of interest:
>
> http://code.google.com/p/malwarecookbook/source/browse/trunk/spyeye.vmem.zip
>
>
>
> On Wed, Feb 29, 2012 at 12:24 PM, Mike Lambert <dragonforen@hotmail.com> wrote:
> > Does anyone have any strings unique for the new SpyEye mentioned in this
> > article?
> >  http://redtape.msnbc.msn.com/_news/2012/01/06/9986119-new-virus-raids-your-bank-account-but-you-wont-notice
> >
> > If you have a memory image with this trojan, could you share it with me?
> >
> > Mike Lambert
> > michael-lambert.us
>
>
>
> --
> PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92