September 05, 2007
Crimeware kit use spikes in August
Researchers at security gateway specialist Finjan are highlighting a rise in the number of attacks carried out during the month of August that were built using widely-available malware authoring toolkits -- further illustrating the growing clout of the underground malware code sales market.
According to data gathered from its research efforts and the many sensors it has distributed among its clients, Finjan reported that at least 10 different crimeware toolkits were in heavy rotation in August alone. The company maintains that most of the virus-development platforms are being sold on the black hat underground for only a few hundred dollars apiece.
The toolkits specifically identified during the month included the well-known MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as several newer malware toolkits such as Random.js, Vipcrypt, Makemelaugh and Dycrypt.
Finjan maintains that, much like legitimate software programs, the malware authoring tools are being updated frequently by their distributors to include new exploits and "anti-forensic techniques" that allow them to remain effective and evade detection by traditional security technologies.
Further, each of the individual kits is being used to create hundreds of variations that will tax the intelligence of most security systems, the security firm claims.
Using its SecureBrowsing technology -- its rival to McAfee's SiteAdvisor Web site reputation testing system -- Finjan reported it has also been able to track use of the MPack toolkit, believed to be developed by hackers in Russia, by at least 58 different individuals.
Those attackers were able to infect an estimated 500,000 unique users during the month, the company said.
Among the types of legitimate sites that the malware distributors were able to foist their MPack-derived programs on were those operated by financial services companies and government entities, along with many Web 2.0 user-driven content sites.
Finjan said it identified at least 300 unique profiles on the popular MySpace site alone during August that were dishing out MPack-bred threats.
The security company said that at least six online advertising affiliate networks were clearly paying Web site owners for infecting visitors with hacks -- iframedollar, iframebiz, iframe911, iframestat, Neon and Vera. Each of the affiliates in turn recruited hundreds of new sites to use to deliver malware, according to the firm.
The use of tools meant to cloak attacks from anti-virus systems has also ramped up, said Finjan, with over 90 percent of the attacks it tracked during August employing such obfuscation techniques.
Posted by Matt Hines on September 5, 2007 02:21 PM
