MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.


State of the art in Eleonore Exploit Pack II

Undoubtedly, crimeware of the exploit pack and malware kit type, whether general purpose such as ZeuS or special purpose such as RussKill, has become the crème de la crème of computer crime and synonymous with the easy route for cybercriminals.

Against this background, one of the fastest-growing crimeware packages over the past six months is Eleonore Exploit Pack. It is currently on the lips of many would-be cybercriminals who use it, and of security professionals who have noticed its impact on the crime scene because of its steadily growing following, which justifies investigating it.

Earlier this year we reported how the developer of this application was releasing different versions of the crimeware, and from the latest version at that time (1.3.2) to the current one (1.4.1), things have changed little.

The truth is that, as shown in the image, its attack coverage includes a considerable number of operating systems, an aspect that has also become a trend among some exploit packs, as in the case of Siberia Exploit Pack, with which it even shares a similar taste in design.

But let's review once more the chronology in which the different versions appeared:

The base of this botnet is hosted in the U.S., at the provider Secured Private Network on ASN22298, which also hosts rogue-type malware, FakeAV, some other trojans, ZeuS variants and even some Koobface families. It is maintained by the business services company QuadraNet, led by an Israeli spammer named Ilan Mishan, who is also well known in the criminal scene for providing the resources needed to host spam, scam, phishing and pornography activities, including through other companies such as OC-3 Networks and PacificRack, which are tied to QuadraNet.

Despite the C&C being in the U.S., the highest rate of activity is in Eastern Europe, specifically in Ukraine, which has the largest number of computers whose security has been breached by one of the many exploits that Eleonore Exploit Pack disseminates.

It is also interesting to know the web pages that refer visitors to Eleonore's pre-compiled exploits. The lists are usually very long and quite varied in subject matter, typically featuring pages with sexually explicit content, pages that spread FakeAV, and online casinos and pharmacies, among others.

There is also another element closely linked to the business behind these criminal activities: affiliate programs. In this case, one is promoted for the purchase of web traffic, where the core of the business is to make money through advertising injected into web pages and displayed in pop-up windows.

Related information
State of the art in Eleonore Exploit Pack
Eleonore Exploits Pack. New Crimeware In-the-Wild
New version of Eleonore Exploits Pack In-the-Wild
Phishing campaign aimed at players Zynga
