Security researches have exposed the source code for the SpyEye malware development kit The source code of the SpyEye malware development kit is now available thanks to Xyliton and the Reverse Engineers Dream Crew (RED Crew). At face value, this is great news because it helps the security industry understand and combat SpyEye, but there is also a down side.Opening the secrets of the software will help security researchers combat the threat, but it also exposes the source code to other malware developers who can now adapt and morph SpyEye into a new, more insidious threat. Just as the security industry unveils and defangs SpyEye, new SpyEye variants will appear that continue to thwart efforts to block it.A blog post from Damballa Labs declares, “SpyEye has been on everyone’s priority list of threat discussions for quite some time, and is now going to become an even more pervasive threat. The same thing happened when the Zeus kit source code was released in March 2011.”Breaking into the source code is great news for the security research and anti-malware communities. The best way to develop effective defenses for SpyEye attacks is to understand the inner workings of the malware development kit itself, and be able to identify unique aspects of SpyEye threats so they can be blocked. Unfortunately, because the crack to get to the SpyEye source code has been released to the public, its use is not limited to ethical security researchers. Purchasing the SpyEye malware development kit bundle costs about $10,000, but now would-be cyber criminals can keep their cash and set up shop for free by finding a leaked copy of the SpyEye malware kit and using this crack.The Damballa blog post warns, “Reverse Engineering is nothing new, but putting in the hands of babes one of the most powerful cyber threats today, ‘for free’, is something that will mean even more sleepless nights for security administrators.” Sean Bodmer, Senior Threat Intelligence Analyst for Damballa, explains, “Damballa labs has been tracking dozens of new Zeus bot operators since the leak earlier this year, and now that SpyEye has been outed it is only a matter of time before this becomes a much larger malware threat than any we have seen to date.”Bodmer sums up, “So for the next few months, please hold onto your seats people… this ride is about to get very interesting.” Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe