|
Spyware Toolkits Making it Possible for Anyone to be a Hacker |
 According to ComputerWeekly.com, “The distribution of crimeware software kits soared in August, with the numbers used against websites and end-users outstripping the total for the three preceding months.”
Finjan, a security company reported on 10 different types of spyware toolkits being sold last month alone. This list includes: MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2, and Multi-Exploit toolkits, as well as new toolkits like random.js, vipcrypt, makemelaugh, and dycrypt.
Each of these crimeware toolkits is being updated frequently to include recent exploits and the latest anti-forensic techniques. These new techniques allow them to bypass and escape detection by traditional Signature, reputation and URL based security products. A Russian website was recently discovered selling the WebAttacker spyware development kit. This kit is available from their site for about $15 US dollars.WebAttacker is being marketed on the merits of its ability to infect computers. The kit includes scripts, which are specialized sets of instructions for browsers to interpret. Scripts are frequently used by hackers to infect computers. One popular use is to send out spam emails on interesting topics to illegitimate websites. The unsuspecting web surfer then finds their personal computer being attacked by these scripts. Another popular crimeware toolkit is MPack. This hacking toolkit has been selling for about $1,000 on the Russian underground. Finjan researchers reported in their advisory, “The crimeware is capable of stealing account information from several banks around the world without leaving any traces behind”. Yuval Ben-Itzhak, Finjan’s CTO declared in a written statement, “This form of attack is more dangerous than previous forms of Phishing, which relied on fraudulent websites because this attack happens on the customer’s own PC and is encrypted, it makes it extremely difficult to detect. After the customer fills in the login form on their website and clicks on the ‘Log In’ button, the crimeware, running on the infected user machine, intercepts the communication. The crimeware sends the intercepted UserID and password to the criminal’s server, instead of sending it to the bank’s server. The customer thinks they are still on the bank’s website. But, they are actually sending data to the criminal’s server over an encrypted connection.” Some of the more sophisticated spyware toolkits can even provide reports to the hacker tracking how many users he/she’s infected, the kind of browser the victim is using, where they are located, and what type of malware was installed on their machine. According to Finjan, a recent study of control servers provided them with a look at some hackers’ toolkit reports. Estimates based on these reports show that just 58 of these toolkit hackers had infected half a million users. The most alarming aspect of these kits and types of attacks is the low level of technical sophistication required to implement them. Experienced hackers initially were responsible for the majority of these types of infections. However, now even a child with low level tech skills can build spyware. Crimeware kits give the power to infect computers all over the world to just about anyone with a little technical knowledge and a computer and Internet connection.These kits will undoubtedly boost the proliferation of malware on the Internet in the coming decade.
|
