Exploration of New Exploit Toolkit by M86
A novel exploit toolkit has been recognized by researchers with Security vendor, M86 Security. This toolkit has been found to be disseminated free of charges on the underground market as a community effort.
The new toolkit, k0desploit is actually based on Eleonore exploit pack, which is utilized commonly in drive-by download attacks.
The login page of the k0desploit admin panel exhibits the text "K0de.org Open Source Exploits," and is disposed further to M86 researchers, who desire to acquire more legitimate information about it. The necessity of acquiring legitimate information led the researchers to seek a few forum posts made by the original author that explains the importance of the latest toolkit as an enhanced version of Eleonore.
The toolkit author reveals that on conducting preliminary tests on 1000 computers, an infection rate of 9.6% has been found, an increase of 3.5%, which is considerably more than the original Eleonore mod.
The developer also held the view that the majority of the attacks were for the Microsoft Data Access Components (MDAC) and IE vulnerabilities and not for Java as mentioned by the previous research. The developer also asserted of obtaining the exploits to work partially through Firefox and Chrome.
Following the consequence, the author immediately called upon malware authors for assisting him with to improve the sudden rise in detection rate of the spiteful malevolent iframe. The author has also enlisted some other modifications undertaken by him in this latest toolkit.
Besides the "open-source" exploit kit, security vendors at M86 also revealed an exhaustive list of anonymous proxy servers and numbers of stolen credit cards along with credentials of individuals.
According to security experts, massive change in the threat landscape is resultant due to exploit toolkits mentioned above.
Effortless usability of "attack toolkits" along with their ability to garner huge profits has resulted in augmented cyber attacks along with faster expansion of attackers. Researchers held the view that easy usability has resulted in alarming expansion of cyber attacks as novices can now launch it without any effort.
In conclusion, security experts have signaled their expectation towards expansion of this criminal attack and more average user likely to be victimized.
Related article: Exploiting BITS To Compromise Windows Update
» SPAMfighter News - 21-03-2011