Behavioral analysis and implications of the Spyeye Trojan

Babayiğit U., Gezer A.

ICONSAD 2021, Antalya, Turkey, 22 - 25 May 2022, pp.248-257

  • Publication Type: Conference Paper / Full Text
  • City: Antalya
  • Country: Turkey
  • Page Numbers: pp.248-257
  • Kayseri University Affiliated: No


With the development of the IoT, many technological changes such as the digitalization of the banking sector and smart cities have brought security gaps. In addition to this situation, users carelessly use PC, smartphones, tablets, etc. So that has made the attacks even more flavorful. As a result of this situation, cyber crimes are increasing day by day. This situation, which is a suitable environment for botmasters, provides the opportunity to perform mass attacks using Command and Control (C&C) servers. Firewall and antivirus programs use detection methods using virus signature while performing protection, but this alone is not enough. Additionally, listening for network traffic increases protection. Meet the deficit of the system and detecting botnets and Trojans in the network are vital for both network security and prevention of cyberattacks. Botnets tend to hide from antivirus and protection programs when attacking. So they update themselves. Detecting and revealing the hiding methods of each botnet is extremely important for the detection of their behavior. The behavior of Spyeye is observed, which is derived from Zeus banking malware and acts as a botnet, by making dynamic and static analyses. By presenting examples of packet traffic analysis, which are important for preventing and stopping attacks, a comparison process and analysis are aimed in this study.