Italian Job Attack Uses "Commercial" Malware Delivery Platform
Earlier posts in this blog have discussed the professional, business-like nature of cybercrime; here is a case in point.
Legitimate Web sites in Europe, especially Italy, are being compromised with a combination of simple HTML iFrame code and a malware delivery tool called MPack. MPack exploits known bugs and attacks Internet Explorer, Firefox and Opera. As of yesterday, 10,000 Web sites had been compromised.
What makes this story noteworthy is the way MPack looks less and less like a piece of hacked code left for script kiddies and more like a commercial application, complete with update support. Help Net Security describes MPack:
This tool is sold through online forums for around $700. With each version, the creators offer one year’s free support. “Mpack offers the type of features you would expect from a legal application. For example, client updates. These updates, effectively different versions of the application, are actually the exploits needed to take advantage of the latest vulnerabilities discovered. There is normally a new one every month and they cost between $50 and $150,” explains Luis Corrons, Technical Director of PandaLabs.
For another $300, clients are also offered DreamDownloader. This is a tool designed to create downloader Trojans. It works in the following way: The hacker tells DreamDownloader the URL in which the file is hosted (a Trojan, a worm, malware updates, etc.), and the utility automatically generates an executable to download it.
The PandaLabs blog posted some stats on the spread of MPack last month, which are no doubt lower than today's actual distribution.



