Fresh Exploit Toolkit, Nice Pack Detected: Dell SecureWorks

According to investigators from Dell SecureWorks a security company, cyber-criminals have hijacked no less than 10,000 websites for diverting visitors onto one fresh exploit kit named "Nice Pack." SCMagazineUS.com reported this in news during the 2nd-week of October 2011.

Employing a similar series of assaults like that of the already familiar BlackHole attack toolkit, the Nice Pack attackers reportedly utilize different methods for hijacking websites as well as implanting malware onto them. Apparently, the malware exactly resembles the malicious software, which was recently utilized during the MySQL.com hijack that diverted visitors onto one BlackHole hosting website, Dell's investigators add.

Moreover, while trapping a victim, the attack kit Nice Pack tries to load a Trojan named ZeroAccess that's created for staying concealed on the contaminated system, while it collects secret data and transmits the same onto a distant computer server. Essentially therefore, ZeroAccess possesses certain features of a rootkit that lets it linger in spite of efforts for eliminating it from the infected computer.

Furthermore, together with Nice Pack's emergence, Dell SecureWorks' investigators state that they've observed a rise in ZeroAccess assaults as well during recent weeks. Similar as with other attack toolkits, Nice Pack's approach too is broad while attempting at compromising the maximum possible number of computers, triggering attack codes on an applications menu, they explain.

Meanwhile, Director of Operations and Analysis Ben Feinstein for the Counter Threat Unit (CTU) of SecureWorks stated that the Nice Pack was abusing security flaws within different editions of Adobe, Flash and Java. In case successful, it was taking down one fresh Trojan for trade within the market that just hit the headlines starting Q2-2011 i.e. April to June 2011. The Trojan was ZeroAccess that carried rootkit capabilities, the director noted. Threatpost.com reported this in news on October 13, 2011.

Additionally Feinstein stated that accidentally, the CTU, during the 1st-week of October 2011, spotted several attacks that ZeroAccess attempted over varied industry verticals such as manufacturing, healthcare, utilities, financial, and education that would suggest the use of the Trojan within a widely unleashed assault, which had an exploit toolkit mounted to it, over the Web.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 10/24/2011