I.T. Vibe
Latest Business Communications Gaming General Security Technology Virus  
   Member Services
Login
Register
   General Services
Contact Us
Merchandise
Toolbar
RSS Feeds
Other Formats
   Site Search
 
Advanced Search
   News Alerts
Enter your email address to receive news alerts
 
View Privacy Policy
Unsubscribe
   Information
Latest Virus Alerts
Internet Threat Level
Internet Traffic Report
   Opinion Poll
Macs - Love Them or Hate Them? Place your votes now.
Love 'em
Hate 'em
Indifferent
Reader Comments: 0
View All Polls
Spyware kits sold for fifteen dollars available on the web
Thursday, March 30, 2006 at 21:24 by Peter Smith
Experts at Sophos have discovered a Russian web site that sells spyware kits, called WebAttacker, for fifteen US dollars (about ten UK pounds). The web site, which refers to its creators as spyware and adware developers, markets the strengths of its kits, makes the kits available for online purchase and offers technical support to its buyers.

Included in the kits are scripts designed to simplify the task of infecting computers - the buyer spams out a message to email addresses, inviting recipients to visit a compromised web site.

Samples found by Sophos's global network of monitoring stations used newsworthy topics to lure unwary users. One presented itself as a warning of the deadly H5N1 bird flu virus, providing links to a bogus web site, which purported to contain advice on how to protect "you and your family". The other claims that Slobodan Milosevic was murdered and invites users to visit the site for more information. These web sites then attempt to download the malicious code remotely onto the user's PC by taking advantage of known web browser and operating system vulnerabilities.

Carole Theriault, senior security consultant at Sophos, said,

"This type of behaviour is inviting the return of what we call script-kiddies. By simplifying the task of the potential hacker and making it available so cheaply, sites like this one will attract opportunists who aren't necessarily very skilled and turn them into cyber-criminals."

JavaScript code on the infected web sites detects the visiting computer's browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan. Sophos protection, Troj/Dloadr-ADU, has been available since 13 March, 2006.

"The underground cyber economy is, in some ways, very similar to the one most of us operate by - everyone wants a piece of the action," continued Theriault. "The more common cyber attacks become, the more of these types of sites offering kits, databases of email addresses, and bespoke Trojans and spyware we will see. So as long as the money continues to flow, there will be interested parties."

As ever, we recommend you keep your anti-virus software up to date.
 
No reader comments posted Reader Comments: 0 Contact Peter Smith, the author of this article View a printer friendly version of this article Email this article to a friend RSS Feeds
Your Verification Number:

Please enter your Verification Number:

Related Articles:
Israeli spyware couple fined $423,000 and sentenced to jail for two years
FTC shuts down spyware operation
Spyware definition finalised
Study shows spyware problem growing
 
Recent Articles In Security:
Spam and scareware showing significant growth
Phorm reveals a new chairman and a new strategy
US authorities pursuing Gary McKinnon to the end
BBC online spam documentary may breach UK laws
Online fraud happens to the best of us!
 
Other Recent Articles:
New white label system for the flatshare market arrives
Fwd4.Me provide a handy new URL shortening service
Is Nokia set to release a Nokia branded laptop?
Is the world of Internet blogging out of control?
EU authorities step into Phorm row
 

 © 2010 I.T. Vibe - All Rights Reserved - All Trademarks Recognised - Privacy Policy - Terms & Conditions