Tehtri Security's Laurent Oudot a PC security researcher from France has revealed information about over twelve formerly unknown security flaws, which end-users reacting to online assaults can make use of for hitting back at attackers. The Register published this in news on June 17, 2010.
Oudot discovered that the flaws existed within off-the-shelf toolkits for malicious software that were variously called as Liberty, Sniper, Neon and Eleonore. The loopholes were sport significant and more-or-less simple to exploit, he added. BBC published this in news on June 18, 2010.
Commonly, cyber-criminals preparing to launch attacks, load the toolkits onto hijacked websites with the aim to make simpler the vulnerability exploitation process on users' computers that access these sites.
Meanwhile, the bugs which Oudot unearthed can help to determine the person employing the toolkits as well as to execute a counter-attack. The researcher discussed in detail, the un-patched flaws seen within a few highly prevalent malware toolkits with which websites could be attacked, while making a presentation before the attendees at the Singapore held SyScan 2010 Security Conference.
He as well stated that the unpleasant ideas that had been shown at the conference represented the manner in which cyber-criminals could be hit back when they used malicious online devices like Web backdoors, Exploit Packs etc. The Register published this.
Reportedly, an attack against 'Eleonore' lets researchers seize criminals' validation cookies when the latter attempt at accessing the administrative system that regulates an attacking website.
Moreover, to begin, the attack uses an SQL-injection code via the referrer field of a browser so that strings can be loaded to the server's data, which expose the administrative system to cross-site scripting assaults.
Often, according to Oudot, exploiting these flaws can let security investigators compromise the Internet hackers. BBC reported this.
By exploiting the flaws, people could obtain additional details on attackers, possibly capture their attack methods and tools, track down their PCs, or even identify them.
But, if hackers are hacked it can actually mean violating certain laws; however, Oudot stated that the purpose of the research was to create fresh methods for contemplating on global IT security.
Related article: Contract Killer Spam Scam
» SPAMfighter News - 28-06-2010