Websense Finds Fresh Edition of Phoenix Exploit Toolkit
Researchers from security company Websense have found fresh versions of Phoenix, an already familiar drive-by download toolkit, that use special techniques, namely name randomization and code obfuscation.
Cyber-criminals across the Web commonly use Phoenix to quietly infect end-users with malicious code.
The infections, called drive-by downloads, happen through legitimate websites that the attackers first hijack and inject with harmful code. The injected code sends visitors to a landing web-page, hosted on a remote Web-server, which contains the attack code. Scripts on that page also identify the visitor's Web-browser and OS along with any installed version of well-known software such as Flash Player, Adobe Reader or Java.
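The injection stage described above is what site owners can check for on their own pages. The following scanner is an added example, not code from Websense or the article; it flags hidden iframes and scripts that pull content from a host other than the site's own, plus inline scripts that use obfuscation or browser fingerprinting calls. The sample HTML and the host names in it are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a shop page into which a hidden 1x1 iframe pointing at an
# off-site landing page has been injected, followed by an obfuscated inline script.
SAMPLE_HTML = """<html><body><h1>Shop</h1>
<script src="/js/app.js"></script>
<iframe src="http://landing.example.invalid/kit/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<script>var s=unescape("%3Cscript%3E");eval(s);</script>
</body></html>"""

# Inline-script patterns typical of obfuscated loaders and plugin fingerprinting.
SUSPICIOUS_JS = re.compile(r"\beval\s*\(|\bunescape\s*\(|navigator\.plugins")


class InjectionFinder(HTMLParser):
    """Collects (reason, evidence) tuples for content that looks injected."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []
        self._in_script = False

    def _offsite(self, url):
        host = urlparse(url or "").hostname
        return host is not None and host != self.site_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            hidden = "visibility:hidden" in style or "display:none" in style
            if self._offsite(a.get("src")) and (tiny or hidden):
                self.findings.append(("hidden off-site iframe", a.get("src")))
        elif tag == "script":
            self._in_script = True
            if self._offsite(a.get("src")):
                self.findings.append(("off-site script", a.get("src")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SUSPICIOUS_JS.search(data):
            self.findings.append(("obfuscated or fingerprinting inline script", data.strip()))


def scan(html, site_host):
    """Return the list of suspicious findings for one page of a given site."""
    parser = InjectionFinder(site_host)
    parser.feed(html)
    return parser.findings
```

Findings on a real site still need manual review, since legitimate pages also load third-party scripts; the point is to surface content that does not belong to the site.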
Remarking on the new Phoenix version, Websense Security Analyst Chris Astacio stated that, like numerous exploit toolkits, this one is PHP-based; however, unlike the majority of toolkits, its installer is heavily disguised. Softpedia.com published this on December 29, 2010.
Astacio added that this was perhaps the creators' attempt to make it harder for any well-intentioned person to work out how to install the toolkit, particularly as there was no 'readme.txt' file included.
Interestingly, in spite of the drive-by download toolkit's wide use, Astacio states that there is nothing special in it worth exploring. Infosecurity.com published this on December 29, 2010.
The analyst explains that one must first select the language of the installation instructions, Russian or English, and then visit the next web-page, which asks for a form to be filled out to obtain various items. Astacio, however, does not show some of the forms because, according to him, they contain sensitive information.
He concludes that Phoenix's developers are apparently ensuring that, in addition to their exploit remaining undetected, their installations too go unnoticed.
Finally, security researchers assert that Phoenix and similar exploit toolkits have led to a marked rise in exploit kit-based Web attacks. Being cheap and simple to make, exploit toolkits are increasingly used by cyber-criminals who seek to write malicious code. In fact, these easily used kits are gradually becoming the backbone of exploits before the latter are unleashed.
SPAMfighter News - 10-01-2011