MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

4.1.10

State of the art in Eleonore Exploit Pack

Since the launch of its first version in June 2009, Eleonore Exploit Pack has had a major impact in the criminal field, both in the demand for the pack, driven by its competitive cost compared with similar web applications, and in its high rate of activity.

It currently has a repertoire of 6 (six) versions, the latest being 1.3.2, which recently appeared on the underground scene at a cost of USD 1000.

This means that its author, ExManoize, has updated the package approximately every month, which gives a concrete idea of the effort put into its development. That effort is obviously not a matter of vocation: it is part of the fraudulent business, contributing to the creation and maintenance of one of the "tools" used in the criminal field.

The structure of this crimeware is quite complex. The package includes a repertoire of 13 (thirteen) exploits by default:
  • MDAC for MSIE
  • MS009-02 for MSIE
  • ActiveX pack. Works in MSIE
  • compareTo for Firefox
  • JNO (JS navigator Object Code) for Firefox
  • MS06-006 for Firefox
  • Font tags for Firefox
  • Telnet for Opera
  • PDF collab.getIcon for all browsers
  • PDF Util.Printf for all browsers
  • PDF collab.collectEmailInfo for all browsers
  • PDF Doc.media.newPlayer for all browsers
  • Java calendar for all browsers
Obviously, as with any service offered under a market model, and this crimeware is no exception, the "provider" guarantees support, updates and cleanup of the package if necessary. All business!

From a historical standpoint, the Eleonore Exploit Pack updates are:
  • In June 2009, Eleonore Exploit Pack v1.0 goes on sale to the public, containing the exploits MDAC, MS009-02, Snapshot, Telnet (for Opera), PDF collab.getIcon, PDF Util.Printf and PDF collab.collectEmailInfo. Its value was in principle not of USD 599.
  • In July 2009, it is updated to version 1.1, which adds two more exploits: Font tags, which is exploited in Firefox 3.5, and DirectX DirectShow, which is exploited in IE 6 and 7. There are also improvements in the encryption of scripts. Its price was USD 500, and the price of the previous version dropped to USD 300.
  • During the month of July, the Spreadsheet exploit is added, the PDF files are changed, the capture of images is eliminated, and the ability to upload a file through the admin panel itself is added. This version is called 1.2 and its cost is set at USD 700.
  • After a period of three months without updates, version 1.3 appears in October, incorporating more features into the fraudulent package. Among them are some "improvements" to the exploits for Internet Explorer and the addition of Java D&E. The cost of this version was USD 1000.
  • In November, the marketing of version 1.3.1 began. It continues to refine the exploits and, among other things, adds a Robots.txt file to improve indexing and prevent certain folders from being displayed. The price remained at USD 1000.
  • During this period, a private beta (1.3B) could be found in the wild.
  • On December 16, the latest version, 1.3.2, appears. It adds Java calendar and an exploit for a recent vulnerability, PDF Doc.media.newPlayer, which until then was a 0-day. Its price was unchanged.

From the standpoint of whoever runs the business, the infrastructure needed to operate a botnet can be assembled and put into operation on a dedicated server, which can also be rented. However, zombies are needed to obtain the economic benefit, because without them the fraudulent work they are designed for could not be carried out. In fact, the regularity with which the package is updated demonstrates that the benefits obtained through these activities are significant.

Moreover, regardless of the cost of the crimeware, there are "extra services" offered by the developer that are not included in the original package, for example, cleaning of the botnet at a cost of USD 50, and changing the malicious domain for the same price, USD 50.

Alternatively, botmasters (not necessarily the developers of the web application) often rent out part of their botnet, and in the case of Eleonore Exploit Pack v1.3.2, the rent is USD 40 per day.

Jorge Mieres

2 comments:

Anonymous said...

Excellent business! Really nice. The gays are real HI-TECH profy.

Anonymous said...

I have version 1.4.4, and for free [?]
