Tuesday, April 01, 2008

A Commercial Web Site Defacement Tool

On the look for creative approaches to cash out of selling commodity tools and services, malicious parties within the underground economy continue applying basic market approaches to further commercialize what was once a tax free area. Commercial click fraud tools, managed spamming services and fast-fluxing on demand, botnets and DDoS attacks as a service, malware pitched as a remote access tool with limited functionality to prompt the user to buy the full version, malware crypting as a service, and the very latest indication for this trend is the availability of commercial web site defacement tools.

There's a common misunderstanding regarding web site defacement tools, namely that of a defacer on purposely targeting a specific domain. That's at least the way it used to be, before defacers started embracing the efficiency model, namely deface anyone, anywhere, than parse the successful defacements logs, come across a high profile site and make sure the entire defacers community knows that they've defaced it - well at least their automated web sites defacement tools did in a combination with remotely included web backdoors.

This particular commercial web site defacement tool's main differentiation factor compared to others is it's efficiency centered functionability, namely it has a built-in Zone-H defacement archive submission. Moreover, within the functions changelog we see :

"Choose number of perm folder to check it and go another site with out load all perm it cause to deface with more speed; Working back proxy and cache servers; Get Connect back with php in all servers that safe mode is Off ( with out need any command same as system() ; Auto Detect Open Command"

It is such kind of commercialization approaches of commodity goods that increase the market valuation of the underground economy in general, one thing for sure though - while certain parties are messing up with entry barriers making it damn easy to launch a phishing or a malware attack, others are trying to prove themselves as aspiring entrepreneurs. In the long-term, I'd rather we have defacers deface than consolidate with phishers, spammers and malware authors for the purpose of malware embedded attacks, hosting and sending of scams, a development that is slowly starting to take place despite my wishful thinking.

Related posts: