The Trojan is even smart and can detect what browser is being used via the user agent and customize the exploit based on the browser settings.
Here is the ad, which was translated into English by Websense:
Dear Friends! We would like to offer you multi-component exploit Web-Attacker IE604, that realizes vulnerabilities in the internet browsers Internet Explorer and Mozilla Firefox. With the help of this exploit you will be able to install any programs on the local disks of visitors of your web pages. In the foundation of work of the exploit Web-Attacker IE0604, there are 7 already-known vulnerabilities in the internet browsers: Objective of the Exploit: Hidden drop of the executable from the deleted source to the local hard drive of the site visitor.
-Bypasses all security measures-Is not blocked by Firewalls [Agnitum Outpost, Zone Alarm, Sygate Personal Firewall]
-Tri-level protection -Flexible installation -Updates -Detailed Statistics
For the full alert, with screenshots, click here.
John Leyden of the Register is also covering this story.
trimMail's E-Mail Battles has an interesting story about why some of these kits are so dangerous. Here is an excerpt:
Smart computer users know that once a computer is infected by a rootkit, it's changed forever. And as Windows rootkits go, Hacker Defender is among the most dangerous. The author of Hacker Defender, holy_father, explains why he does what he does, and what you can do to detect his rootkit.
Antivirus companies sell a fake sense of security, but they do not bring real security to your computer. Antivirus just fights programs that are visible to common users. They don't care about the cause.
Do it yourself kits are becoming increasingly common and are making the Internet increasingly dangerous for the common user.
Here is a recent post, I wrote about "how to scam kits" and one that is designed for use in committing fraud on eBay.
Link, here.
1 comment:
Well said, and sadly true..
Post a Comment