Thursday, May 28, 2009

Unique Sploits Pack. Manipulating the attacker's security II

Unique Sploits Pack is another alternative offered for sale by the Russian crimeware underground. It has one peculiarity compared with others of its kind, however: it incorporates a module called Vparivatel rogue, through which it spreads by social engineering.

In this case we are looking at a beta version of the crimeware which, although apparently active, in the few days we have been following it (after "bypassing" its authentication scheme) has not achieved a notable level of infection and therefore has not recruited a significant number of zombies.

Still, the threat is active and spreading malicious code; but before looking at the malware it spreads, let us look at some statistics that give a sufficiently specific picture of the botnet's activity.

From these we can gather:
  • The operating system most exploited by this crimeware is Windows XP SP1.
  • Second place is occupied by "other", non-Windows platforms.
  • Windows XP SP2 is third in the list of most-used operating systems.
  • Internet Explorer 5.5, 6.0 and 7.0 and Firefox 3.0.5 are the browsers most often compromised by the threats this crimeware spreads.
  • The "others" entry among browsers covers browsers such as Opera and Amaya.
As for the zombies it has succeeded (so far) in recruiting, they are located in various countries, as can be seen in the image below.

However, the Vparivatel module does not seem very effective so far, as it has produced no "positive" activity for the botmaster ;-P

Among the threats spread by Unique Sploits Pack are the following, by Kaspersky's identification:
The first has a poor detection rate of 27.50% over 40 antivirus engines (11/40), and the second a slightly higher rate of 43.59%, i.e. 17 of 40 antivirus companies detect the threat.

These malicious codes spread through various vulnerabilities, some newer than others; yet despite the age of most of the vulnerabilities this crimeware exploits, they remain very effective.

It exploits not only vulnerabilities in popular web browsers (IE, Firefox and Opera) but also two vulnerabilities in PDF readers in widespread use today: Adobe Acrobat Reader and Foxit Reader.

As mentioned at the beginning, this package is currently spreading malware by proactively exploiting different vulnerabilities on victims' computers, and although it does not yet control a significant number of machines, it is a potential threat to the health of any system, which makes it essential to keep security updates (OS and applications) current every day.

Related Information
YES Exploit System. Manipulating the attacker's security
Unique Sploits Pack. Crimeware to automate the exploitation of vulnerabilities

# Jorge Mieres
