MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Gangsterware. Stealth Shield of the Malware

A few days ago I watched one of the training of BlackHat Webcast whose title is the same as used for this post, where people of M86Security was assigned to conduct a superficial talking about the main vectors of infection today. Putting focus primarily on Exploit Packs, and emphasizing time on the modus operandi of Phoenix Kit Exploit, Neosploit and Open Source Exploit Kit (a lot of impact between the "would-be criminals" because of his condition "free").

The training was very good for those who want to begin investigating the characterization of this type of crimeware, in this case through the criminal crannies that hide three Exploit Packs that are active criminal living in the ecosystem. So... a bravo! to the authors of the brief training. The slide can be viewed from the BlackHat Media.

However, know that the evolution of these crimeware is very fast, that the offer is very broad and very specific demand. Then leave the links of some of the Exploit Pack that somehow have been exposed through MalwareIntelligence along a good few years:

[6.10.10] Eleonore Exploit Pack. New version
[1.10.10] Phoenix Exploit’s Kit v2.3 Inside
[30.9.10] Black Hole Exploits Kit. Another crimeware in addition to criminal supply
[8.9.10] Phoenix Exploit’s Kit v2.1 Inside
[18.8.10] State of the art in Phoenix Exploit's Kit
[9.8.10] Campaign infection through Phoenix Exploit's Pack
[11.7.10] YES Exploit System and Crimeware-as-a-Service
[3.7.10] BOMBA Botnet. New alternative crimeware fuel the economy criminal
[24.6.10] State of the art in Eleonore Exploit Pack II
[28.5.10] Intelligence and operational level by Siberia Exploit Pack
[19.5.10] State of the art in CRiMEPACK Exploit Pack
[28.3.10] iPack y GOLOD. New on the scene crimeware criminal
[16.1.10] YES Exploit System. Official Business Partner’s
[9.1.10] Napoleon Sploit. Frameware Exploit Pack
[3.1.10] State of the art in Eleonore Exploit Pack
[25.12.09] Siberia Exploit Pack. Another package of explois In-the-Wild
[3.12.09] A brief glance inside Fragus
[29.11.09] JustExploit. New Exploit kit that uses vulnerabilities in Java
[26.9.09] Nueva versión de Eleonore Exploits Pack In-the-Wild
[15.8.09] Fragus. New botnet framework In-the-Wild
[14.8.09] Liberty Exploit System. Alternatively crimeware to control botnets
[4.8.09] Eleonore Exploits Pack. New crimeware In-the-Wild
[29.6.09] ElFiesta. Recruitment zombie across multiple threats
[14.6.09] Mirando de cerca la estructura de Unique Sploits Pack
[27.5.09] Unique Sploits Pack. Manipulando la seguridad del atacante II
[21.5.09] YES Exploit System. Manipulando la seguridad del atacante
[12.4.09] YES Exploit System. Otro crimeware made in Rusia
[6.3.09] Unique Sploits Pack. Crimeware to automate the exploitation of vulnerabilities
[27.2.09] LuckySploit, the right hand of ZeuS

Alejandro Cantis
Crimeware Research

Ver más