Exploit packs have been selling in the underground for hundreds of dollars in recent years. These pre-packaged kits are designed to probe the visitor’s browser for known security vulnerabilities, and then use the first one found as a vehicle to quietly install malicious software. They normally comes with a Web administration page, which gives the attacker real-time statistics about victims, such as which browser exploits are working best, and which browsers and browser versions are most successfully attacked. Those commonly found in the market were iPack, Crimepack and Eleonore.
The latter, Eleonore, is the most popular kit and have been making the headlines recently. It is claim to cost between USD$500 - USD$1000 (based on the version). The package was updated approximately every month with the latest browser, PDF and Java vulnerabilities. These kit providers provide "secured" support, updates and even cleanup of the package service if necessary.
Eleonore Web administration page
Crimepack Web administration page
w01f advise: Always patch up your system, especially Internet browser, Java, Flash and PDF applications.
No comments:
Post a Comment