Webattacker
From Wikipedia, the free encyclopedia
Webattacker is a do-it-yourself malware creation kit that includes scripts that simplify the task of infecting computers and spam-sending techniques to lure victims to specially rigged Websites. It was allegedly created by a group of Russian programmers. The kit demands minimal technical sophistication to be manipulated and used by crackers.
Sophos has reported that WebAttacker is being sold at some hacker Web sites or through a network of individual resellers and includes technical support[1]. The malware code is currently being delivered in at least seven exploits, including threats aimed at Microsoft's MDAC software, Mozilla's Firefox Web browser and Sun Microsystems's Java virtual machine programs.
The exploitation process usually consists of the following steps:
- Establishment of a malicious website though automated tools provided by WebAttacker
- Sending mass email (otherwise known as spam) inviting the recipient to visit the website under various pretenses
- Infecting the visitor's computer with a Trojan by exploiting numerous vulnerabilities
- Using the Trojan to run arbitrary executables on the infected PC which are typically designed to extract passwords, personal information, keystroke logging, or taking general control over the compromised computer
The software appears to be updated regularly to exploit new flaws, such as the flaw discovered in September 2006 in how Internet Explorer handles certain graphics files[2].
[edit] Vulnerabilities
WebAttacker exploitation technique is currently based on the following vulnerabilities:
- Microsoft Security Bulletin MS03-011
- Microsoft Security Bulletin MS04-013
- Microsoft Security Bulletin MS05-002
- Microsoft Security Bulletin MS05-054
- Microsoft Security Advisory (917077)
- Mozilla Foundation Security Advisory 2005-50
- Microsoft Security Bulletin MS06-006
[edit] Notes
- ^ Spyware kits sold for fifteen dollars available on the web, Sophos reports (2006-03-24). Retrieved on 2006-09-20.
- ^ Evers, Joris (2006-09-19). Porn sites exploit new IE flaw. Retrieved on 2006-09-20.