Free Republic

Hacker 'Smartbomb' Toolkit Attacks Unpatched Computers
Yahoo! News! | 24 April 2006 | Gregg Keizer

Posted on 04/25/2006 11:15:44 AM PDT by ShadowAce

A dirt-cheap, do-it-yourself hacking kit sold by a Russian Web site is being used by more than 1,000 malicious Web sites, a security company said Monday.

Those sites have confiscated hundreds of thousands of computers using the "smartbomb" kit, which sniffs for seven unpatched vulnerabilities in Internet Explorer and Firefox, then attacks the easiest-to-exploit weakness.

For $15 to $20, hackers can buy the "Web Attacker Toolkit," said San Diego-based Websense in an online alert. The tool, which uses a point-and-click interface, can be planted on malicious sites -- or on previously-compromised computers -- to ambush unsuspecting users.

"It puts a bunch of code on a site that not only detects what browser the victim is running, but then selects one of seven different vulnerabilities to exploit, depending on how well patched the browser is," said Dan Hubbard, senior director of security and research at Websense.

Both Firefox and Internet Explorer vulnerabilities are among the seven.

Websense has detected the kit being used by about 1,000 sites, which then plant a Trojan horse on vulnerable computers. The Trojan is installed in a silent "drive-by download" that doesn't require any user intervention; in fact, it installs in the background, so the user has no idea her computer has been hacked.

The Trojan can log keystrokes, download additional code, or open backdoors, said Websense.

"What's interesting is that these sites all have an administration console on them with statistics. We've managed to capture a couple of screenshots."

Those screens, posted with Websense's advisory, detail the browsers running on the compromised computers and keep a running tally of the most successful vulnerabilities.

According to the screenshots, the single site that Websense illustrated had attracted 51,896 computers, the bulk of them -- 76 percent, in fact -- running Microsoft Internet Explorer. (About 12 percent ran Firefox; the remainder were unspecified.)

This site, however, only used 4 of the 7 vulnerabilities, all of them directed at IE. The most successful of the quartet was one tagged as MS03-11 to match the security bulletin MS03-011, which published a patch for a bug in Microsoft Virtual Machine in April 2003. The malicious site managed to compromise 1,773 PCs using that three-year-old flaw, a 3.42 percent infection rate.

"And this is just one site," Hubbard said. "Together, these sites have compromised tens if not hundreds of thousands of systems."

The next-most useful vulnerability was dubbed "0-day" (zero-day), but was actually the "createTextRange" bug that was discovered last month and patched April 11 by Microsoft, said Hubbard. That vulnerability was used to compromise 1,507 PCs (2.9 percent success rate).

"Everyone knows they should patch their browsers," said Hubbard, "but this is further evidence that that's not happening as much as it should be."

The trend toward hackers sharing attack code, even selling simpleton software "kits," has been well-documented. Just last week, in fact, McAfee's research labs reported a major increase in the use of rootkits to cloak worms, Trojans, and spyware; the boost is largely due to cut-and-paste-style tools that automatically add rootkit components to other malicious code, Stuart McClure, chief of McAfee's research lab, said in an interview last week.

"The use of multiple vulnerabilities isn't commonplace," added Websense's Hubbard. "But this [toolkit] shows how hackers are becoming more and more organized."


TOPICS: Technical
KEYWORDS: attack; hacking

1 posted on 04/25/2006 11:15:46 AM PDT by ShadowAce

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

2 posted on 04/25/2006 11:16:01 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

You can do this with metasploit for free.


3 posted on 04/25/2006 11:51:18 AM PDT by xrp (Fox News Channel: MISSING WHITE GIRL NETWORK)

To: xrp
You can do this with metasploit for free.

You can create/modify a WEB SITE with customizable malicious code using Metasploit? I've used Metasploit for a while and haven't found that feature yet. Maybe I missed something?

4 posted on 04/25/2006 11:53:22 AM PDT by Spiff ("They start yelling, 'Murderer!' 'Traitor!' They call me by name." - Gael Murphy, Code Pink leader)

To: ShadowAce
"drive-by download" that doesn't require any user intervention

 

I wonder what "feature" that capability was included for. Whatever it was, no doubt it was intended to enable a richer Internet experience.

5 posted on 04/25/2006 12:34:22 PM PDT by beef (Who Killed Kennewick Man?)

To: RikaStrom

Heads up!


6 posted on 04/25/2006 1:01:53 PM PDT by SeaDragon

To: ShadowAce

I wonder how many of those "kits" were used at one time or another in an attempt to attack FR??


7 posted on 04/25/2006 1:06:01 PM PDT by Bean Counter (Stout Hearts!!)

To: ShadowAce

bump for later


8 posted on 04/25/2006 1:07:51 PM PDT by Centurion2000 (Every man must be tempted, sometimes,to hoist the black flag, and begin slitting throats.)

To: ShadowAce
Ick!!!

mark for later read/review.

9 posted on 04/25/2006 6:17:13 PM PDT by rzeznikj at stout (This Space For Rent. Call 555-1212 for more info.)

To: ShadowAce

How many l33t hax0r wannabees will buy these kits with dreams of having their own botnets, only to end up with all the infected machines "pwned" by the people who sold them the kit?


10 posted on 04/25/2006 6:21:25 PM PDT by tacticalogic ("Oh bother!" said Pooh, as he chambered his last round.)
