Spyware.BossEye

Updated: 24 February 2006
Risk Impact: Medium
Systems Affected: Windows

Behavior

Spyware.BossEye is a spyware program that captures screenshots at specified intervals. These screenshots are stored on the computer and can be accessed remotely in real-time or at a later time by the manager component of the application on another computer. The application can be configured to start recording silently at specific times and durations.

Antivirus Protection Dates

  • Initial Rapid Release version 02 October 2014 revision 022
  • Latest Rapid Release version 02 October 2014 revision 022
  • Initial Daily Certified version 23 February 2006
  • Latest Daily Certified version 28 September 2010 revision 036
  • Initial Weekly Certified release date 01 March 2006

When the risk is installed, it creates the following files:
%UserProfile%\Start Menu\Programs\Boss Eye DEMO\Boss Eye DEMO.lnk
%UserProfile%\Start Menu\Programs\Boss Eye DEMO\Boss Eye Server.lnk
%UserProfile%\Start Menu\Programs\Boss Eye DEMO\Help.lnk
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Help\akis.chm
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Help\eye.chm
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\INSTALL.LOG
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Player.exe
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Player.mld
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Res\beeng.bin
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Res\logo.bin
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Res\logoeng.bin
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Res\Player.ini
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Res\sa.bin
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\sdk.dat
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Server.exe
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\shootsrv.mld
%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Uninstall.exe

It also creates the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35FF5640-2F2E-4AA1-8FF6-EDA3FFEA2D17}
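
The file and registry indicators above can be matched against an offline host inventory (a file listing and a registry key listing from triage collection). The following is an added example, not part of the original write-up: it uses a subset of the listed files, and the variable expansions (including `Program Files (x86)` and `Users`), the `HKLM` abbreviation handling and the sample inventory are assumptions constructed for illustration.

```python
import re

# Indicators copied from the write-up above (a subset of the file list).
FILE_INDICATORS = [
    r"%UserProfile%\Start Menu\Programs\Boss Eye DEMO\Boss Eye Server.lnk",
    r"%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Player.exe",
    r"%ProgramFiles%\UAB Optiva\Boss Eye DEMO\Server.exe",
    r"%ProgramFiles%\UAB Optiva\Boss Eye DEMO\shootsrv.mld",
]
UNINSTALL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                 r"\Uninstall\{35FF5640-2F2E-4AA1-8FF6-EDA3FFEA2D17}")

# Assumption: locations these variables commonly expand to on Windows hosts.
VARIABLES = {
    "%UserProfile%": r"[A-Z]:\\(?:Users|Documents and Settings)\\[^\\]+",
    "%ProgramFiles%": r"[A-Z]:\\Program Files(?: \(x86\))?",
}

def indicator_regex(indicator):
    """Turn a path containing %Variables% into a case-insensitive regex."""
    pattern = re.escape(indicator)
    for name, expansion in VARIABLES.items():
        pattern = pattern.replace(re.escape(name), expansion)
    return re.compile(pattern, re.IGNORECASE)

def sweep(paths, registry_keys):
    """Return (matching file paths, matching registry keys) from an inventory."""
    regexes = [indicator_regex(i) for i in FILE_INDICATORS]
    files = [p for p in paths if any(r.fullmatch(p.strip()) for r in regexes)]
    wanted = UNINSTALL_KEY.lower()
    keys = [k for k in registry_keys
            if re.sub(r"^HKLM\\", r"HKEY_LOCAL_MACHINE\\", k.strip(),
                      flags=re.IGNORECASE).lower() == wanted]
    return files, keys

# Constructed sample inventory (not real collection output).
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Start Menu\Programs\Boss Eye DEMO\Boss Eye Server.lnk",
    r"c:\program files\uab optiva\boss eye demo\server.exe",
    r"C:\Program Files (x86)\UAB Optiva\Boss Eye DEMO\shootsrv.mld",
    r"C:\Program Files\MediaTool\Player.exe",  # benign: same file name, other folder
]
SAMPLE_KEYS = [
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35ff5640-2f2e-4aa1-8ff6-eda3ffea2d17}",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000000}",
]

if __name__ == "__main__":
    print(sweep(SAMPLE_PATHS, SAMPLE_KEYS))
```

Matching on the full vendor folder path rather than on file names alone avoids flagging unrelated programs that ship a `Player.exe` or `Server.exe`.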

The risk then takes screenshots of the compromised computer's display, allowing all user activity visible onscreen to be recorded and accessed remotely by another computer. This includes such things as Web browsing habits, email, and running applications. These screenshots are stored on the computer and can be accessed either in real-time or at a later time over the network by a monitoring agent.

The frequency at which screen capture occurs can be set in the monitoring component (player.exe) of this risk, allowing a maximum capture rate of one screenshot per second. The default rate of capture is one screenshot every 30 seconds. The application can be scheduled to record silently at specific times and durations.