HOME

TheInfoList



OR:

Webattacker is a do-it-yourself
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
creation kit that includes
script Script may refer to: Writing systems * Script, a distinctive writing system, based on a repertoire of specific elements or symbols, or that repertoire * Script (styles of handwriting) ** Script typeface, a typeface with characteristics of ha ...
s that simplify the task of infecting computers and
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ...
-sending techniques to lure victims to specially rigged
Website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and W ...
s. It was allegedly created by a group of
Russia Russia (, , ), or the Russian Federation, is a transcontinental country spanning Eastern Europe and Northern Asia. It is the largest country in the world, with its internationally recognised territory covering , and encompassing one-ei ...
n programmers. The kit demands minimal technical sophistication to be manipulated and used by crackers.
Sophos Sophos Group plc is a British based security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily ...
has reported that WebAttacker is being sold at some hacker Web sites or through a network of individual resellers and includes technical support. The malware code is currently being delivered in at least seven
exploit Exploit means to take advantage of something (a person, situation, etc.) for one's own end, especially unethically or unjustifiably. Exploit can mean: *Exploitation of natural resources *Exploit (computer security) * Video game exploit *Exploitat ...
s, including threats aimed at
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...
's MDAC software, Mozilla's Firefox Web browser and
Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, t ...
's
Java virtual machine A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The JVM is detailed by a specification that formally describe ...
programs. The exploitation process usually consists of the following steps: * Establishment of a malicious website though automated tools provided by WebAttacker * Sending mass email (otherwise known as
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ...
) inviting the recipient to visit the website under various pretenses * Infecting the visitor's computer with a
Trojan Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...
by exploiting numerous vulnerabilities * Using the Trojan to run arbitrary executables on the infected PC which are typically designed to extract passwords, personal information,
keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...
, or taking general control over the compromised computer The software appears to be updated regularly to exploit new flaws, such as the flaw discovered in September 2006 in how
Internet Explorer Internet Explorer (formerly Microsoft Internet Explorer and Windows Internet Explorer, commonly abbreviated IE or MSIE) is a series of graphical web browsers developed by Microsoft which was used in the Windows line of operating systems (in ...
handles certain graphics files.{{cite web, url=http://news.zdnet.com/2100-1009_22-6117407.html, title=Porn sites exploit new IE flaw, author=Evers, Joris, date=2006-09-19, accessdate=2006-09-20 , archiveurl = https://web.archive.org/web/20061005022745/http://news.zdnet.com/2100-1009_22-6117407.html , archivedate = 2006-10-05


Notes

Computer security exploits Types of malware