Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3467
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Eleonore malware toolkit explots 1.2m computers around a Net  (Read 2455 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Security firm, AVG, says a two-month study has resulted in its discovery of a network of 1.2 million malware-infected computers controlled by cybercriminals who were using the Eleonore exploit toolkit, commercial attack software which enables cyber criminals to infect and monitor compromised PCs.

According to AVG it researched 165 Eleonore toolkits in use by cyber criminals and concluded that those using the Eleonore exploit toolkit were experiencing a “10 percent success rate in infecting the more than 12 million users visiting their compromised web pages,” with all 165 domains experiencing high volumes of traffic which the cyber criminals managed to compromise.

According to Lloyd Borrett, so-called “security evangelist” at AVG Australia and New Zealand, “the accessibility and sophistication of easy-to-use cyber criminal toolkits proves that cyber gangs are raising the bar to monetise their criminal activities,” and, he added, “that is why it’s more important than ever for families, corporations and other computer users to protect their computers from being targeted by this kind of increasingly popular cyber attack by using AVG anti-virus and web security tools like LinkScanner that AVG offers free.”

AVG says that, although you may assume that the cyber criminals making and using these toolkits are software experts, the reality is that even malicious code writers leave vulnerabilities in their code. “Taking advantage of one of the weaknesses in the Eleonore toolkit, AVG researchers were able to collect statistics that allowed them to gain a better understanding of the magnitude of such attacks and the average success rate in infecting PCs by these toolkits.”

Borrett says that “the first step to silently infecting a user’s machine with malware is to exploit a vulnerability in their browser or other applications running on their machine. Successfully exploiting a vulnerability enables the cyber criminal to load and install the actual malware that can steal data and enable the criminal to later auction the PC online as a DDoS bot or a spam sending machine.”

AVG reports that Eleonore exploit toolkit utilises the following vulnerabilities to exploit PCs:

•&nbsp&nbsp Sun JVM vulnerabilities

•&nbsp&nbsp Adobe Acrobat Reader vulnerabilities

•&nbsp&nbsp Various IE6 vulnerabilities

•&nbsp&nbsp Various IE7 vulnerabilities

•&nbsp&nbsp Various FireFox vulnerabilities


(ITW)

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising