MPack (software)

In computer security, MPack is a PHP-based malware kit produced by Russian crackers. The first version was released in December 2006. Since then a new version is thought to have been released roughly every month. It is thought to have been used to infect up to 160,000 PCs with keylogging software. In August 2007 it was believed to have been used in an attack on the web site of the Bank of India which originated from the Russian Business Network.

Unusually for such kits, MPack is sold as commercial software (costing $500 to $1,000 US), and is provided by its developers with technical support and regular updates of the software vulnerabilities it exploits. Modules are sold by the developers containing new exploits. These cost between $50 and $150 US depending on how severe the exploit is. The developers also charge to make the scripts and executables undetectable by antivirus software.

The server-side software in the kit is able to customize attacks to a variety of web browsers including Microsoft Internet Explorer, Mozilla Firefox and Opera. MPack generally works by being loaded in an IFrame attached to the bottom of a hacked website. When a user visits the page, MPack sends a script that loads in the IFrame and determines if any vulnerabilities in the browser or operating system can be exploited. If it finds any, it will exploit them and store various statistics for future reference.

Included with the server is a management console, which allows the attacker deploying the software to view statistics about the computers that have been infected, including what web browsers they were using and what countries their connections originated from.

Experts at Spy-Ops have estimated that the market for hacker toolkits such as MPack has exploded into hundreds of millions of US dollars annually.


Wikimedia Foundation. 2010.
