NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master

NRT-0223 MPack Toolkit Sold by Russians to Generate Malware:


Security researchers at iDefense VeriSign are tracking the emergence of a dangerous malware development kit dubbed "MPack" that is being used to create different types of threats to vulnerable computers. Over 10,000 web domains were compromised in a recent attack involving MPack-derived malware, which was aimed largely at users in Italy and affected as many as 80,000 unique IP addresses. According to iDefense, the MPack kit is being sold on the Russian underground market for around $1,000, with sellers claiming a 50% success rate. MPack is said to chain multiple exploits in a controlled manner to infect vulnerable computers. Among the specific exploits the MPack kit uses are those targeting the Windows Animated Cursor (ANI) flaw, the WinZip ActiveX overflow, issues in the QuickTime multimedia framework, and a range of additional security vulnerabilities that Microsoft has already addressed in released patches.

iDefense has observed the MPack kit being sold by an individual on the Russian malware scene known as "$ash", who has also been offering a so-called "loader" version of the code - used to deliver executable files - for $300.

One of the payloads being served up in MPack-driven attacks is the Torpig spyware program. iDefense associates that threat with a hacker group known as the Russian Business Network (RBN), which it considers to be "one of the most notorious criminal groups on the Internet today." iDefense has observed MPack attacks installing Torpig malware code that was hosted on what it has identified as an RBN-controlled server.

RBN, based out of St. Petersburg, Russia, represents "a virtual safe house for attacks," according to iDefense, and is "... closely tied to multiple attacks including Step57.info cPanel exploitation, VML, phishing, child pornography, Torpig, Rustock, and many other criminal attacks to date."

(www.infoworld.com 21JUN07)
Last Modified: Saturday, 21-Jul-2007 10:45:34 EDT