Home > Information Security Magazine > Features > So Long Script Kiddies
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

So Long Script Kiddies
by Lenny Zeltser
Issue: May 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >

Client-Side Infection Kits
Cybercriminals targeting PC vulnerabilities can buy ready-made exploits.

Attackers commonly use infection kits, planted on compromised Web servers, to exploit client-side vulnerabilities on the systems of the site's visitors. The kits are often available for purchase on the Web and through private channels to interested parties and come with dozens of exploits, offering a convenient way of executing an automated infection campaign.

A once popular infection kit called WebAttacker, whose light version was recently available for purchase for as little as $50, seems to have been surpassed by more effective collections of exploits. Roger Thompson, CTO of security vendor Exploit Prevention Labs, says as many as 60 percent of the attacks on personal computers the company tracked in January involved up to a dozen up-to-date, highly effective exploits.

--LENNY ZELTSER

Client-Side Infection Campaigns
A high-profile example of attackers using a client-side exploit happened in February, when Websense Security Labs reported that the Dolphin Stadium Web site was compromised. The stadium was hosting the Super Bowl and its Web site was enjoying a surge of traffic. If a visitor to the site was using an unpatched system, the machine got infected with spyware that harvested logon credentials for the popular game World of Warcraft. Although the weapons and gold used in the game are virtual, they can be sold for real-world money.

The program that infected Dolphin Stadium Web site visitors was seeking only logon credentials to World of Warcraft, rather than a myriad of other possible targets. The compromise of the Web site was not a blaring defacement, but aimed at infecting victims without attracting undue attention and timed to maximize its effectiveness. The presence of a keylogger on the infected computer was not easily noticeable, in contrast to attacks that infected machines with adware and until recently dominated the threat landscape.

Drive-by infections like the Dolphin Stadium incident that affect Web site visitors and install keyloggers are all too common. Although logon credentials to banking sites are still a popular target of keyloggers, usernames and passwords for other types of Web sites, such as gaming, social networking and job posting sites, are also targeted. While the immediate purpose of such campaigns is sometimes unclear, an interest in credentials for diverse categories of Web sites indicates a long-term effort by well-funded and dedicated attackers to assemble data warehouses.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts