Yet another proprietary web malware exploitation kit has been released at the beginning of this month, further indicating that the efficient supply of such kits is proportional to their simplistic nature. The only differentiation factor in the Small Pack is perhaps the inclusion of all known Opera exploits up to version 9.20, however, the rest of the features are the natural ones included in the majority of already known exploitation kits :
- IE exploits included - Quick TIme Modified, PNG, MDAC, DX Media
- Firefox exploits included - Quick Time, PNG, EMBED- Opera - all exploits up to version 9.20
- RC4 encryption
- lifetime updates
- Geolocation
- opportunity to request additional functionsConverging infection and distribution vectors, evasion and survivability, metrics and command and control in a single all-in-one web malware exploitation kits is, however, is definitely in the works considering the developments introduced in the rest of the kits currently available. For instance, despite that the ongoing waves of SQL injection attacks with multiple campaigns are injecting the malicious domains in its original form, certain attacks are starting to inject obfuscated URLs making it harder to assess the impact of the campaign using open source intelligence techniques.
The bottom line, as long as webmasters continue participating in the so called "traffic exchange" revenue models, knowingly or unknowingly embedding links that would later on ultimately redirect to a malicious site, "traffic exchange" is receiving the most attention at the strategic level, next to "traffic acquisition" at the tactical level. Basically, the traffic inventory that could be supplied is the direct result of an ongoing SQL injection attack, or malware embedded through other means, with the traffic brokers directly undermining webmaster's unethical inclusion of exploits within their domains portfolio.
One thing's for sure - web malware exploitation kits are not just getting localized, they're also being cloned.
Related posts:
The FirePack Exploitation Kit Localized to Chinese
MPack and IcePack Localized to ChineseThe FirePack Exploitation Kit - Part TwoThe FirePack Web Malware Exploitation KitThe WebAttacker in ActionNuclear Malware KitThe Random JS Malware Exploitation KitMetaphisher Malware Kit Spotted in the WildThe Black Sun BotThe Cyber BotGoogle Hacking for MPacks, Zunkers and WebAttackersThe IcePack Malware Kit in Action
The rise of pro-kosovo web site defacement groups was marked in April, 2008, with a massive web site defacement spreading pro-kosovo propaganda. The ongoing monitoring of pro-kosovo hacktivists indicates an ongoing cyberwar between pro-serbian supporting hacktivists successfully defacing Albanian sites, and building up capabilities by releasing a list of vulnerable Albanian sites (remote SQL injections for remote file inclusion, defacements or installing web shells/backdoors) to assist supports into importing the list within their do-it-yourself web site defacement tools.
