Russian spyware kits are being sold on the web.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have
discovered a Russian website that sells spyware kits, called
WebAttacker, for fifteen US dollars (about ten UK pounds). The
website, which refers to its creators as spyware and adware
developers, markets the strengths of its kits, makes the kits
available for online purchase and offers technical support to its
buyers.
Included in the kits are scripts designed to simplify the task
of infecting computers - the buyer spams out a message to email
addresses, inviting recipients to visit a compromised website.
Samples found by Sophos's global network of monitoring stations
used newsworthy topics to lure unwary users. One presented itself
as a warning of the deadly H5N1 bird flu virus, providing links to
a bogus website, which purported to contain advice on how to
protect "you and your family". The other claimed that Slobodan
Milosevic was murdered and invited users to visit the site for more
information. These websites then attempt to download the malicious
code remotely onto the user's PC by taking advantage of known web
browser and operating system vulnerabilities.
"This type of behaviour is inviting the return of what we call
script-kiddies," said Carole Theriault, senior
security consultant at Sophos. "By simplifying the task of the
potential hacker and making it available so cheaply, sites like
this one will attract opportunists who aren't necessarily very
skilled and turn them into cybercriminals."
JavaScript code on the infected websites detects the visiting
computer's browser version and operating system, including any
installed patches, and launches the most appropriate exploit. The
exploit downloads a program that attempts to turn off the firewall
and install malware, generally a password stealer, keylogger or a
banking Trojan. Sophos protection for Troj/Dloadr-ADU has
been available since 13 March, 2006.
"The underground cyber economy is, in some ways, very similar to
the one most of us operate by - everyone wants a piece of the
action," continued Theriault. "The more common cyber attacks
become, the more of these types of sites offering kits, databases
of email addresses, and bespoke Trojans and spyware we will see. So
as long as the money continues to flow, there will be interested
parties."
Sophos recommends that all companies protect their computers
with a consolidated solution to thwart the
threats of spam, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.