Feodo is malware that is similar in concept and features to other banking trojans such as ZeuS, SpyEye, Bugat or Carberp. Unlike Zbot or SpyEye, Feodo is not the result of a crimeware toolkit sold on the underground market; it most likely belongs to a single gang.
Feodo hooks into the browser process and monitors accessed URLs. If any of them matches a regular expression from its config file, it starts capturing form data and submits it to its command-and-control server.
The trojan can also inject rogue form fields to trick users into providing more information than is normally required. Feodo targets not only banks but also services such as PayPal, Amazon, Myspace or Gmail.