MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

29.12.09

Exploit packs and their relationship with the rogue

Fraudulent activity they related to each other through "associates" of business in which each cell officiates as an intra-organizational structure, complementing a company engaged in such illegal activities.

In this sense, the rogue (also called scareware), has a significant amount of "affiliates" who are responsible for the distribution of malicious code. In fact, a recent study by the FBI noted that the estimated losses due to rogue amount to USD 150 million.

It shows why all those old social engineering strategies that often leave a sense of triviality still very effective, and why many professionals in the criminal field, seeking to expand their criminal activities and gains, migrate their efforts merge dissemination strategies with BlackHat SEO techniques or even type, with Exploits Pack as in this case.

A case in point is the recent emergence Exploit Pack called Siberia Exploit pack within its structure that includes a file called file.exe. When the user reaches one of the domains used by crimeware, an exploit (usually through pdf files) is responsible exploit the vulnerability, download malware from a predetermined domain and execute it.

Once the malware infects your system, make a Desktop Hijack showing the warning of an infection through the message "YOUR SYSTEM IS INFECTED!".

After that, the system starts to display popups (characteristic of adware) converting the system into the nest of rogue and reference point of a botnet. However, regardless of the infection, these popups are part of the campaign of deception and psychological action of malware.

First, because the installed antivirus course far from resolving the problems, made worse by downloading malicious code or by opening more ports for accessing other threats. Furthermore, because the warnings of infection, besides being aggressive, are completely untrue, and the aim is to "scare" the end user to "buying" the fake antivirus.

Related information
Siberia Exploit Pack. Another package of explois In-the-Wild
Anti-Virus Live 2010. Talking with the enemy
A recent tour of scareware XIX
Scareware. Estrategia de engaño propuesta por Personal Antivirus
Campaña de propagación del scareware MalwareRemovalBot

Jorge Mieres

0 comentarios:

Post a Comment