About 1 in every 6 sites set up by criminals to steal information is created with hacking-for-dummies-style “toolkits,” a security researcher said Tuesday.
\n“About 15 percent of malicious sites designed to steal information have kit code or a derivation of kit code,” said Dan Hubbard, the vice president of security research at San Diego-based Websense. The most popular hacker toolkits are made and sold by Russian entrepreneurs, and include the well-known “WebAttacker” and the less-familiar “Nuclear Grabber” (aka “Haxdoor”).<\/p>\n","protected":false},"excerpt":{"rendered":"
The creators of these kits openly boast how well their code evades anti-virus scanners, and advertise exploits of both long-patched and unpatched vulnerabilities in browsers, particularly Microsoft’s Internet Explorer.<\/p>\n
One group, for instance, was the first to exploit the late-2005 WMF (Windows Metafile) bug, while the WebAttacker makers jumped on the VML (Vector Markup Language) vulnerability last month.<\/p>\n
Nuclear Grabber, on the other hand, is often paired with WebAttacker — the latter is used to install a rootkit of browser helper object on a vulnerable PC — and then sends any information typed into a Web form to not only the real (and legitimate) destination, but also to the criminal.<\/p>\n
There’s even a kit for phishing thugs, dubbed “Rock Phish Kit,” that targets cyber-crooks who don’t know how to craft a fake Web site. The kit, which Websense first spotted in November 2005, only offered 2 or three bogus branded sites when it started to sell, but now packages as many as 15 or 20, all of which can be hosted on a single server. The result of kit selling has been to boost the volume of malicious sites and the speed with which unpatched, or “zero-day” vulnerabilities, are put to work by a large number of cyber-criminals, said Hubbard.<\/p>\n
http:\/\/www.darkreading.com\/document.asp?doc_id=105163&WT.svl=cmpnews1_1<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2155","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2155","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2155"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2155\/revisions"}],"predecessor-version":[{"id":4642,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2155\/revisions\/4642"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2155"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2155"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}