Tuesday, October 16, 2007

MPack and IcePack Localized to Chinese

It is logical to consider the possibility that once a malware author starts evaluating the benefits of releasing malware in open source form, malware exploitation kits can also build communities around them. Since August 2007, Chinese hacking groups have been free to enjoy "the benefits" of IcePack's and MPack's malicious economies-of-scale attack approach, combined with a brain-damaging Keep It Simple Stupid exploitation tactic: serving exploit URLs, which get automatically embedded via a web application bug, or via an automated remote file inclusion enabled web site.

Let's once again emphasize the research question: wouldn't such malware kits and tools have a higher value if kept private, and why would someone release them in the wild? A couple of months ago, the tools themselves were used as a bargain for improving the UVP (unique value proposition) on a large scale, that is, of course, until they became a commodity. From my perspective, all warfare is based on deception, especially infowar. Namely, if the idea of embedding an exploit-serving URL at a popular site in order to infect all of its visitors becomes a commodity as an attack tactic, in the end it will be the ones with the fast-fluxing, JavaScript obfuscation, and timely crypting and rotating of the malware binary skills who end up in a market leader position, while the new entrants, the ones cheering for having access to such tools, will make the headlines, like the default malware kit installation wannabes they are.

Ensuring that the market segment for malware, in this case, has many participants and is not concentrated and operated by a few over-performing groups is highly beneficial from the perspective of the most skilled and advanced groups, who continue their operations amid the noise generated by the rest of the market challengers. Now Playing in Cyberspace - "The Revenge of the Chinese Script Kiddies".