Hacker Kit Dominates Web-Based Attacks
A hack package containing multiple exploits accounted for almost three-fourths of all attacks on the Web during December, a security company said on January 23, 2007.
The attack kit, labeled "Q406 Roll-up", was responsible for 70.9% of total attacks last month, according to Atlanta, Ga.-based Exploit Prevention Labs. The kit comprises a dozen separate exploits. These exploits were built using the proof-of-concept code that researcher HD Moore published during his "Month of Browser Bugs" project in July last year.
Extensive use of the package supports the point that the creation and release of exploits is often simultaneous with that of legitimate software, Roger Thompson, CTO of Exploit Prevention Labs, pointed out in a company press release. The con artists work hard at updating and issuing variants of existing exploits, since developing a new exploit is a very difficult task.
Thompson said it is hard to know the exact number of exploits in the kit because it is heavily encrypted. The most common exploits in the package are VML, XML, SetSlice and Createcomobject Code.
A collection of exploits called "MDAC" is the closest competitor to the Q406 Roll-up. It exploits flaws in multiple ActiveX controls to take control of the hard drive and the files stored on a victim's computer. According to Exploit Prevention Labs' tally, MDAC accounted for only 5.7% of all attacks on the Web last December.
WebAttacker, which had been in circulation for a long time, dropped off the list altogether. The company's list ranked it second in November. Thompson explained that the miscreants were never quite successful with WebAttacker. Their modifications to WebAttacker did no more than shut down the browser. It could not even infect the computer.
But Thompson believes the miscreants will not accept defeat. They will continue to write exploits to make a profit, he emphasized. With the arrival of the Windows Vista operating system and the rapid takeover by Web 2.0 applications, the bad guys will keep exploiting the inherent vulnerabilities with new malicious code. That will leave users to find patches and use exploit-specific protection like LinkScanner.
» SPAMfighter News - 29-01-2007