Powerful BlackHole Attack Kit Proliferating, Finds Symantec
Security company Symantec warned a few days ago that several potent exploits packed into a toolkit called BlackHole were proliferating widely across the Web.
Consequently, users who access an otherwise clean website into which a malicious iframe has been inserted will find themselves diverted to the server that hosts the BlackHole exploit toolkit. BlackHole conceals exploits that abuse well-known security flaws in Java, PDF, MDAC, HCP and others.
Moreover, the website hosts malicious software that diverts the visitor into downloading a hostile .JAR file. A particular class contained within this file reportedly extracts a value it receives within the code and then decodes that value to reveal a URL, which is later used to carry out further harmful downloads.
One piece of malware this URL pulls down is Trojan.Carberp, which registers a distinct ID with the central C&C (command-and-control) server; this ID helps in the exchange of information between the server and the Trojan. Subsequently, the Trojan reports every active process on the victimized PC to the central command-and-control server.
Carberp further pulls down 3 modules, passw.plug, miniav.plug and stopav.plug, on receiving a command from the central server.
Unfortunately, according to Symantec, exploit toolkits similar to those mentioned above make it much easier for unskilled cyber-criminals to carry out Internet attacks against businesses and consumers.
In its just-published report titled "Attack Toolkits and Malicious Websites," Symantec reveals that approximately 66% of harmful operations on the Web from July 1, 2009 to June 30, 2010 were attributed to attack code and botnets set up with well-known exploit kits available for sale on the underground market.
Remarking on this new and rapidly developing trend, Shantanu Ghosh, Vice-President of Product Operations for Symantec, India, stated that hackers previously took more time to create attack code since they had to start from scratch to design their own malware. Currently, however, it was possible to access exploit toolkits; consequently, attacks proliferated rapidly. The toolkits were being sold with discounts, guarantees and free services, Ghosh pointed out, as Indianexpress.com published during the 1st week of February 2011.
» SPAMfighter News - 26-02-2011