- Webattacker
Webattacker is a do-it-yourself
malware creation kit that includes scripts that simplify the task of infecting computers and spam-sending techniques to lure victims to specially riggedWebsite s. It was allegedly created by a group ofRussia n programmers. The kit demands minimal technical sophistication to be manipulated and used by crackers.Sophos has reported that WebAttacker is being sold at some hacker Web sites or through a network of individual resellers and includes technical support. [cite web|url=http://www.sophos.com/pressoffice/news/articles/2006/03/russianspykits.html|title=Spyware kits sold for fifteen dollars available on the web, Sophos reports|date=2006-03-24|accessdate=2006-09-20] The malware code is currently being delivered in at least seven exploits, including threats aimed atMicrosoft 's MDAC software, Mozilla's Firefox Web browser andSun Microsystems 's Javavirtual machine programs.The exploitation process usually consists of the following steps:
* Establishment of a malicious website though automated tools provided by WebAttacker
* Sending mass email (otherwise known as spam) inviting the recipient to visit the website under various pretenses
* Infecting the visitor's computer with a Trojan by exploiting numerous vulnerabilities
* Using the Trojan to run arbitrary executables on the infected PC which are typically designed to extract passwords, personal information,keystroke logging , or taking general control over the compromised computerThe software appears to be updated regularly to exploit new flaws, such as the flaw discovered in September 2006 in how
Internet Explorer handles certain graphics files. [cite web|url=http://news.zdnet.com/2100-1009_22-6117407.html|title=Porn sites exploit new IE flaw|author=Evers, Joris|date=2006-09-19|accessdate=2006-09-20]Vulnerabilities
WebAttacker exploitation technique is currently based on the following vulnerabilities:
* [http://www.microsoft.com/technet/security/Bulletin/MS03-011.mspx Microsoft Security Bulletin MS03-011]
* [http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx Microsoft Security Bulletin MS04-013]
* [http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx Microsoft Security Bulletin MS05-002]
* [http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx Microsoft Security Bulletin MS05-054]
* [http://www.microsoft.com/technet/security/advisory/917077.mspx Microsoft Security Advisory (917077)]
* [http://www.mozilla.org/security/announce/2005/mfsa2005-50.html Mozilla Foundation Security Advisory 2005-50]
* [http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx Microsoft Security Bulletin MS06-006]Notes
External links
* [http://www.inet-lux.com Website of a group of developers who supposedly created WebAttacker (in Russian)]
Wikimedia Foundation. 2010.
