The story of the Tilon malware and what it has in common with SpyEye

When it was first discovered in 2012, Trusteer researchers said that Tilon was the "son" of a well-known piece of malware called Silon. However, experts from Fox-IT say that Tilon should be called SpyEye2. (The Fox-IT research is available as a PDF.)

Researchers believe that Tilon was created by a development team led by the Russian Aleksandr Andreevich Panin (also known as "Gribodemon"). In October 2011, after the release of SpyEye 1.3.48, the team began working on a side project, which was rented out privately.


Trusteer researchers reported that Tilon is based on Silon because of the similarity of its loader component. However, Fox-IT reports that Tilon's functional components are actually based on SpyEye, which means its developers have access to SpyEye's source code.

"Looking at the SpyEye2 backend, a lot has changed. There is a single backend system that strongly resembles the original SpyEye RDP backconnect daemon and contains a lot of code from the SpyEye collector, but uses HTTP this time around," said a Fox-IT expert.

"This component is called "dae" (short for daemon, the term for a Unix service, which is also used by SpyEye's RDP backconnect component), and it combines bot control, registration, RDP and SOCKS backconnect, and management of the webinject structure on a single platform."

Further evidence that Tilon is actually SpyEye2 is that a significant decrease in its activity was observed after Panin's arrest.

In fact, now that Panin has pleaded guilty, he will probably spend many years behind bars. It is worth noting that he pleaded guilty to conspiracy to commit online banking fraud and admitted to being the main developer and distributor of SpyEye. However, this does not necessarily mean that the rest of his team will abandon the development of the malware.

iGuRu.gr


Written by giorgos
