An exclusive gaming industry community targeted
to, and designed for Professionals, Businesses
and Students in the sectors and industries
of Gaming, New Media and the Web, all closely
related with it's Business and Industry.
A Rich content driven service including articles,
contributed discussion, news, reviews, networking, downloads,
and debate.
We strive to cater for cultural influencers,
technology decision makers, early adopters and business leaders in the gaming industry.
A medium to share your or contribute your ideas,
experiences, questions and point of view or network
with other colleagues here at iVirtua Community.
A new kit for sale in the digital underground makes it easier for fraudsters to run more sophisticated phishing fraud attacks.
You don't need to spend years learning the finer points of TCP/IP, server-side scripting or the Windows API, for instance, to start infecting PCs with your own flavour of malware. Just spend $700 on a copy of MPack, and this nasty server-based toolkit, written in PHP, will do all the work for you. It's so easy that just about anyone can do it.
Of course, there have been plenty of malware creation kits before, but MPack stands out for its high level of sophistication. The MPack code checks the operating system and browser, then selectively works out which exploits it can try, and these cover Windows, Linux and Mac OS, six different browsers, common tools such as Quicklime, WinZIP, and a whole lot more. And don't think you'll be safe from MPack by sticking to trusted websites, either. Last June saw around 80,000 unique IP addresses compromised by MPack-related code in just a few
days. The servers (mostly in Italy but with others dotted around the world) had been hacked, possibly via a cPanel exploit, and (Frame code had been injected into whatever pages they hosted. This informs the browser of any visitor to load the malicious MPack code, yet displays no visible sign of what's going on, so the attempted infection is entirely invisible.
MPack doesn't handle the injection process itself, but Symantec has revealed that there are other tools available to help. One (Frame manager is particularly impressive, automating the process of injecting the (Frames for you, even able to check the Google PageRank of target sites to ensure you'll receive plenty of traffic. Again, there's minimal specialist knowledge required - all you really need to know is where to buy it. And once you're set up, MPack also comes with a variety of unpleasant downloaders that you can force on to your unsuspecting visitors. Keyloggers, Trojans, bots, they're all here, and many come with the ability to avoid antivirus toots, bypass firewalls and more.
Having this level of malware available to anyone with enough cash is a worrying development, but even MPack is significantly less dangerous if you follow a few basic rules.
What's more, is that MPack can be free. It took me about 10 seconds to opne google, entering the terms "Mpack rapidshare.com" in to google, to find a readily available copy of the software in the first page of results, for free. I strongly suggest you do not attempt to visit any of the sites listed there; and certainly do not endorse them, and they will probably contain malicious software too anyway.
This is MPack:
Wikipedia Tells us...
Quote:
In computer security, MPack is a PHP-based malware kit produced by Russian hackers. The first version was released in December 2006. Since then a new version is thought to have been released roughly every month. It is thought to have been used to infect up to 160,000 PCs with keylogging software.
Unusually for such kits, MPack is sold as commercial software (costing $500 to $1,000 US), and is provided by its developers with technical support and regular updates of the software vulnerabilities it exploits. Modules are sold by the developers containing new exploits. These cost between $50 and $150 US depending on how severe the exploit is. The developers also charge to make the scripts and executables undetectable by antivirus software.
The server-side software in the kit is able to customize attacks to a variety of web browsers including Microsoft Internet Explorer, Mozilla Firefox and Opera. MPack generally works by being loaded in an IFrame attached to the bottom of a hacked website. When a user visits the page, MPack sends a script that loads in the IFrame and determines if any vulnerabilities in the browser or operating system can be exploited. If it finds any, it will exploit them and store various statistics for future reference.
Included with the server is a management console, which allows the attacker deploying the software to view statistics about the computers that have been infected, including what web browsers they were using and what countries their connections originated from.