by interpreters
@ 2008-04-25 - 01:04:01
Security researchers have discovered a new web-based attack tool which exploits up to 14 browser vulnerabilities and installs malware on the user's system.
Symantec researcher Liam O'Murchu said that 'Tornado' is commonly installed on a server by a single 'administrator', who then offers accounts on the server to other attackers. The attackers then inject code into other web pages to redirect users to the Tornado server, where the exploit and malware installation is conducted.
"Perhaps this is why the code for this pack has stayed private for so long," said O'Murchu.
"Using this model, the creators of the pack can sell it to a few trusted customers at a higher price, rather than selling it to many untrustworthy customers and risking the code being released in the underground."
Tornado also offers attackers a full set of traffic statistics and options for selecting which exploits can be conducted.
The malware features an option to redirect repeat visitors to a phoney 'account suspended' page.
This helps the tool to evade security researchers who will make repeated visits to infected pages in order to study the exploits and malware in use.
Programs such as Neosploit and MPack offer similar capabilities to set up servers that can conduct multiple exploits against users.