SANS Digital Forensics and Incident Response Blog: Tag - software

An Analysis of SpyKing

In this post, I am going to touch on several methods of analysis used in discovering how a potentially malicious program functions. In this case, I have selected a covert surveillance program called SpyKing. The marketing hype concerning this program states:

"SpyKing Vista Spy secretly logs all keystrokes, web sites, emails, chats & IMs: MSN Messenger, Windows Live Messenger, ICQ, AOL Messenger, AIM, Yahoo! Messenger, Windows Messenger and Skype. Takes screen snapshots at every X seconds like a surveillance camera. Displays exact activities, like MySpace, Facebook, PC games, online searches & shopping, file transfers and webmails. You can receive reports remotely via emails or ftp."

As you can see from the image below, the site has been reported as a known attack site, with a number of malicious scripts located on its system.