Archive for July, 2007
Ice(Pack) for the summer
It’s summer, about 29ºC - 84ºF in Bilbao, a sunny and beautiful day. Good time for an ice-cream. But today we’ll change the menu and we’ll have an IcePack instead.
IcePack Platinum is the name of a new “Kit for installing malware through exploits”. There is nothing new to add about the exploits it uses: it is very similar to Mpack, which takes advantage of the latest exploits that have appeared. This way, they have a better chance of infecting users who are not patched with the latest updates:
- MS06-014 Internet Explorer 6
- MS06-006 Firefox 1.5
- MS06-006 Opera 7
- WVF Overflow
- QuickTime Overflow
- WinZip Overflow
- VML Overflow
Here is an image of the FTP checker:
IcePack is programmed by a different group (IDT Group) from the Mpack creators (Dream Coders Team). The price of this tool is also lower than that of Mpack: it can be purchased for $400.
XRumer
As we commented in Spam in PHP forums and in Spam in PHP forums (II), it has become increasingly common to see websites (forums, blogs, wikis, guestbooks, etc.) that contain advertising comments or links leading to sites that infect visitors with malware.
We are going to talk about a program that allows this type of comment to be created: XRumer.
It is sold for $450, and for $50 more you can have the Hrefer, which includes more functions.
With regard to the web section, this application is more powerful than Zunker, as the latter is only able to post in phpBB and VBulletin.
XRumer can post in phpBB and PHP-Nuke (with any modification), yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and phorum.org.
Basically, it follows the process below:
- It looks for websites where comments can be inserted.
- It registers itself as a user.
- It posts the message.
Websites of this type usually include human verification codes to make automatic registration more difficult for this kind of robot, or they use filters to block IP addresses that carry out suspicious operations.
That is why this program is able to recognize the text in the following type of images:
It can also connect through a list of proxies in order to use different IP addresses.
Here is a video that shows how the program works.
According to the comments of its creators, it is able to post 1100 links in only 15 minutes.
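A detection sketch for the register-then-post pattern described above, added here as an example and not part of the original post. Because the tool rotates proxies, it correlates on account behaviour and the linked host rather than on source IP; the event layout, the thresholds and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\[\]]+", re.I)

# Constructed sample events: (time in seconds, source IP, account, action, body).
SAMPLE_EVENTS = [
    (0,    "198.51.100.7", "alice", "register", ""),
    (5,    "203.0.113.10", "qx81k", "register", ""),
    (9,    "203.0.113.10", "qx81k", "post", "Cheap pills http://spam.example/buy"),
    (20,   "203.0.113.77", "zz4pp", "register", ""),
    (23,   "203.0.113.77", "zz4pp", "post", "[url=http://spam.example/buy]click[/url]"),
    (40,   "192.0.2.55",   "m0rt3", "register", ""),
    (44,   "192.0.2.55",   "m0rt3", "post", "see http://spam.example/win"),
    (7200, "198.51.100.7", "alice", "post", "My notes: http://docs.example/howto"),
    (7300, "198.51.100.9", "bob",   "register", ""),
    (7310, "198.51.100.9", "bob",   "post", "Hello everyone, new here."),
]

def find_link_spam(events, max_delay=60, min_accounts=3):
    """Return {host: sorted accounts} for link hosts pushed by fresh accounts.

    An account counts as fresh when its first post arrives within max_delay
    seconds of registration and contains a URL. A host is reported once
    min_accounts distinct fresh accounts have posted it, whatever their IPs.
    """
    registered, seen_post = {}, set()
    by_host = defaultdict(set)
    for ts, _ip, user, action, body in sorted(events):
        if action == "register":
            registered[user] = ts
        elif action == "post" and user not in seen_post:
            seen_post.add(user)  # only the first post of each account is scored
            reg = registered.get(user)
            if reg is None or ts - reg > max_delay:
                continue
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname
                if host:
                    by_host[host].add(user)
    return {h: sorted(u) for h, u in by_host.items() if len(u) >= min_accounts}

if __name__ == "__main__":
    print(find_link_spam(SAMPLE_EVENTS))
```
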
