|
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE] [IMAGE] Client-Side Infection Kits
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
Cybercriminals targeting PC vulnerabilities can buy ready-made exploits.
Attackers commonly use infection kits, planted on compromised Web servers, to exploit client-side vulnerabilities on the systems of the site's visitors. The kits are often available for purchase on the Web and through private channels to interested parties and come with dozens of exploits, offering a convenient way of executing an automated infection campaign.
A once popular infection kit called WebAttacker, whose light version was recently available for purchase for as little as $50, seems to have been surpassed by more effective collections of exploits. Roger Thompson, CTO of security vendor Exploit Prevention Labs, says as many as 60 percent of the attacks on personal computers the company tracked in January involved up to a dozen up-to-date, highly effective exploits.
--LENNY ZELTSER
[IMAGE]
[IMAGE] [IMAGE] [IMAGE] [IMAGE]
[IMAGE]
[IMAGE]
Client-Side Infection Campaigns...
To continue reading for free, register below or login
To read more you must become a member of SearchSecurity.com
A high-profile example of attackers using a client-side exploit happened in February, when Websense Security Labs reported that the Dolphin Stadium Web site was compromised. The stadium was hosting the Super Bowl and its Web site was enjoying a surge of traffic. If a visitor to the site was using an unpatched system, the machine got infected with spyware that harvested logon credentials for the popular game World of Warcraft. Although the weapons and gold used in the game are virtual, they can be sold for real-world money.
The program that infected Dolphin Stadium Web site visitors was seeking only logon credentials to World of Warcraft, rather than a myriad of other possible targets. The compromise of the Web site was not a blaring defacement, but aimed at infecting victims without attracting undue attention and timed to maximize its effectiveness. The presence of a keylogger on the infected computer was not easily noticeable, in contrast to attacks that infected machines with adware and until recently dominated the threat landscape.
Drive-by infections like the Dolphin Stadium incident that affect Web site visitors and install keyloggers are all too common. Although logon credentials to banking sites are still a popular target of keyloggers, usernames and passwords for other types of Web sites, such as gaming, social networking and job posting sites, are also targeted. While the immediate purpose of such campaigns is sometimes unclear, an interest in credentials for diverse categories of Web sites indicates a long-term effort by well-funded and dedicated attackers to assemble data warehouses.
|
 |
|
