Like all others versions same way for do it...
Time to analyze now.
By Anonymous on the 14th of Dec (i've found this on pastbin):
(8:05:51 AM) gribo-demon@jabber.ru: Sure.
(8:06:14 AM) gzero@thesecure.biz/1220123471291729716474396: Glad to hear from you Sir :
(8:06:31 AM) gzero@thesecure.biz/1220123471291729716474396: Good holiday?
(8:06:36 AM) gribo-demon@jabber.ru: Yeah.
(8:06:40 AM) gzero@thesecure.biz/1220123471291729716474396: U needed it man...
(8:07:29 AM) gribo-demon@jabber.ru: I have really much work now.
(8:07:33 AM) gribo-demon@jabber.ru: And i am busy.
(8:07:33 AM) gribo-demon@jabber.ru: =)
(8:07:36 AM) gzero@thesecure.biz/1220123471291729716474396: As ever!
(8:07:45 AM) gzero@thesecure.biz/1220123471291729716474396: May I ask gribo
(8:07:49 AM) gribo-demon@jabber.ru: ?
(8:07:55 AM) gzero@thesecure.biz/1220123471291729716474396: Do you do this AND a legit jov
(8:07:56 AM) gzero@thesecure.biz/1220123471291729716474396: job*
(8:08:08 AM) gzero@thesecure.biz/1220123471291729716474396: or is it just malware development?
(8:08:26 AM) gzero@thesecure.biz/1220123471291729716474396: I cannot imagine where you find the time if you also have a job
(8:08:26 AM) gribo-demon@jabber.ru: Legit job is sucks.
(8:08:32 AM) gzero@thesecure.biz/1220123471291729716474396: Yep ;)
(8:08:35 AM) gzero@thesecure.biz/1220123471291729716474396: So i quit
(8:08:41 AM) gribo-demon@jabber.ru: Just malware development. =)
(8:08:46 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:08:49 AM) gzero@thesecure.biz/1220123471291729716474396: and is it true?
(8:08:54 AM) gribo-demon@jabber.ru: Yep.
(8:08:58 AM) gzero@thesecure.biz/1220123471291729716474396: monstr has bowed out :p
(8:09:34 AM) gzero@thesecure.biz/1220123471291729716474396: and that you will merge the two projects?
(8:10:12 AM) gzero@thesecure.biz/1220123471291729716474396: i will let you get back to your work ;)
(8:10:20 AM) gribo-demon@jabber.ru: Yeah. I am already analyse code of Zeus IE webinjects. And insert it into SpyEye.
(8:11:09 AM) gzero@thesecure.biz/1220123471291729716474396: :o
(8:11:19 AM) gzero@thesecure.biz/1220123471291729716474396: Zeus injects were more effective!
(8:11:21 AM) gzero@thesecure.biz/1220123471291729716474396: :p
(8:11:28 AM) gzero@thesecure.biz/1220123471291729716474396: This I can't believe ;)
(8:11:43 AM) gzero@thesecure.biz/1220123471291729716474396: Oh! There is one thing, may I have the latest BC + Collector
(8:11:47 AM) gzero@thesecure.biz/1220123471291729716474396: long story i lost mine
(8:11:51 AM) gzero@thesecure.biz/1220123471291729716474396: but it is not urgent
(8:11:59 AM) gribo-demon@jabber.ru: [*] SpyEyeCollector.v0.3.9.rar
http://www.sendspace.com/file/1iaqf9
passw: spyEYE
(8:12:05 AM) gribo-demon@jabber.ru: ftpbc_v0.31b.rar
http://www.sendspace.com/file/l3y8oo
passw: spyEYE
socks_v0.31b.rar
http://www.sendspace.com/file/1dh00e
passw: spyEYE
bc_server_v0.31b.rar
http://www.sendspace.com/file/erxyzk
passw: spyEYE
(8:12:25 AM) gzero@thesecure.biz/1220123471291729716474396: much love Gribo
(8:12:31 AM) gzero@thesecure.biz/1220123471291729716474396: and i have missed you man ;)
(8:12:41 AM) gzero@thesecure.biz/1220123471291729716474396: it's not just the cool software you know
(8:13:01 AM) gribo-demon@jabber.ru: [*] SpyEye v1.2.99.39:
http://www.sendspace.com/file/6abmmr
passw: spyEYE
(8:13:05 AM) gzero@thesecure.biz/1220123471291729716474396: CHRIST
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: ok thanks :p
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:13:16 AM) gzero@thesecure.biz/1220123471291729716474396: OH
(8:13:25 AM) gzero@thesecure.biz/1220123471291729716474396: i am setting up with a traffic guy
(8:13:31 AM) gzero@thesecure.biz/1220123471291729716474396: we're setting up a load of stuff
(8:13:40 AM) gzero@thesecure.biz/1220123471291729716474396: but soon, if u need good traffic
(8:13:44 AM) gzero@thesecure.biz/1220123471291729716474396: we can help
(8:13:50 AM) gribo-demon@jabber.ru: cool. thnx
(8:13:55 AM) gzero@thesecure.biz/1220123471291729716474396: but dude, its fucking great to hear from u ;)
(8:14:04 AM) gzero@thesecure.biz/1220123471291729716474396: we were quite worried at first!
(8:14:07 AM) gzero@thesecure.biz/1220123471291729716474396: clearly
(8:14:11 AM) gzero@thesecure.biz/1220123471291729716474396: u were away somewhere
(8:14:28 AM) gzero@thesecure.biz/1220123471291729716474396: Señoritas and Sangria ;)
(8:16:32 AM) gzero@thesecure.biz/1220123471291729716474396: anyways
(8:16:35 AM) gzero@thesecure.biz/1220123471291729716474396: Peace bro
(8:16:42 AM) gzero@thesecure.biz/1220123471291729716474396: and send my love to James :p
(8:06:14 AM) gzero@thesecure.biz/1220123471291729716474396: Glad to hear from you Sir :
(8:06:31 AM) gzero@thesecure.biz/1220123471291729716474396: Good holiday?
(8:06:36 AM) gribo-demon@jabber.ru: Yeah.
(8:06:40 AM) gzero@thesecure.biz/1220123471291729716474396: U needed it man...
(8:07:29 AM) gribo-demon@jabber.ru: I have really much work now.
(8:07:33 AM) gribo-demon@jabber.ru: And i am busy.
(8:07:33 AM) gribo-demon@jabber.ru: =)
(8:07:36 AM) gzero@thesecure.biz/1220123471291729716474396: As ever!
(8:07:45 AM) gzero@thesecure.biz/1220123471291729716474396: May I ask gribo
(8:07:49 AM) gribo-demon@jabber.ru: ?
(8:07:55 AM) gzero@thesecure.biz/1220123471291729716474396: Do you do this AND a legit jov
(8:07:56 AM) gzero@thesecure.biz/1220123471291729716474396: job*
(8:08:08 AM) gzero@thesecure.biz/1220123471291729716474396: or is it just malware development?
(8:08:26 AM) gzero@thesecure.biz/1220123471291729716474396: I cannot imagine where you find the time if you also have a job
(8:08:26 AM) gribo-demon@jabber.ru: Legit job is sucks.
(8:08:32 AM) gzero@thesecure.biz/1220123471291729716474396: Yep ;)
(8:08:35 AM) gzero@thesecure.biz/1220123471291729716474396: So i quit
(8:08:41 AM) gribo-demon@jabber.ru: Just malware development. =)
(8:08:46 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:08:49 AM) gzero@thesecure.biz/1220123471291729716474396: and is it true?
(8:08:54 AM) gribo-demon@jabber.ru: Yep.
(8:08:58 AM) gzero@thesecure.biz/1220123471291729716474396: monstr has bowed out :p
(8:09:34 AM) gzero@thesecure.biz/1220123471291729716474396: and that you will merge the two projects?
(8:10:12 AM) gzero@thesecure.biz/1220123471291729716474396: i will let you get back to your work ;)
(8:10:20 AM) gribo-demon@jabber.ru: Yeah. I am already analyse code of Zeus IE webinjects. And insert it into SpyEye.
(8:11:09 AM) gzero@thesecure.biz/1220123471291729716474396: :o
(8:11:19 AM) gzero@thesecure.biz/1220123471291729716474396: Zeus injects were more effective!
(8:11:21 AM) gzero@thesecure.biz/1220123471291729716474396: :p
(8:11:28 AM) gzero@thesecure.biz/1220123471291729716474396: This I can't believe ;)
(8:11:43 AM) gzero@thesecure.biz/1220123471291729716474396: Oh! There is one thing, may I have the latest BC + Collector
(8:11:47 AM) gzero@thesecure.biz/1220123471291729716474396: long story i lost mine
(8:11:51 AM) gzero@thesecure.biz/1220123471291729716474396: but it is not urgent
(8:11:59 AM) gribo-demon@jabber.ru: [*] SpyEyeCollector.v0.3.9.rar
http://www.sendspace.com/file/1iaqf9
passw: spyEYE
(8:12:05 AM) gribo-demon@jabber.ru: ftpbc_v0.31b.rar
http://www.sendspace.com/file/l3y8oo
passw: spyEYE
socks_v0.31b.rar
http://www.sendspace.com/file/1dh00e
passw: spyEYE
bc_server_v0.31b.rar
http://www.sendspace.com/file/erxyzk
passw: spyEYE
(8:12:25 AM) gzero@thesecure.biz/1220123471291729716474396: much love Gribo
(8:12:31 AM) gzero@thesecure.biz/1220123471291729716474396: and i have missed you man ;)
(8:12:41 AM) gzero@thesecure.biz/1220123471291729716474396: it's not just the cool software you know
(8:13:01 AM) gribo-demon@jabber.ru: [*] SpyEye v1.2.99.39:
http://www.sendspace.com/file/6abmmr
passw: spyEYE
(8:13:05 AM) gzero@thesecure.biz/1220123471291729716474396: CHRIST
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: ok thanks :p
(8:13:09 AM) gzero@thesecure.biz/1220123471291729716474396: :D
(8:13:16 AM) gzero@thesecure.biz/1220123471291729716474396: OH
(8:13:25 AM) gzero@thesecure.biz/1220123471291729716474396: i am setting up with a traffic guy
(8:13:31 AM) gzero@thesecure.biz/1220123471291729716474396: we're setting up a load of stuff
(8:13:40 AM) gzero@thesecure.biz/1220123471291729716474396: but soon, if u need good traffic
(8:13:44 AM) gzero@thesecure.biz/1220123471291729716474396: we can help
(8:13:50 AM) gribo-demon@jabber.ru: cool. thnx
(8:13:55 AM) gzero@thesecure.biz/1220123471291729716474396: but dude, its fucking great to hear from u ;)
(8:14:04 AM) gzero@thesecure.biz/1220123471291729716474396: we were quite worried at first!
(8:14:07 AM) gzero@thesecure.biz/1220123471291729716474396: clearly
(8:14:11 AM) gzero@thesecure.biz/1220123471291729716474396: u were away somewhere
(8:14:28 AM) gzero@thesecure.biz/1220123471291729716474396: Señoritas and Sangria ;)
(8:16:32 AM) gzero@thesecure.biz/1220123471291729716474396: anyways
(8:16:35 AM) gzero@thesecure.biz/1220123471291729716474396: Peace bro
(8:16:42 AM) gzero@thesecure.biz/1220123471291729716474396: and send my love to James :p
That gzero guy is one ass kisser. I guess such malware coders all get the beautiful cheerleaders.
ReplyDelete