Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2972
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2939
Total: 2940









Author Topic: Evilgrade, exploit code targets Mac OS X, iTunes, Java, Winzip...  (Read 3995 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A researcher from Argentina has released an exploit package that can install malware on end user machines that run iTunes, Mac OS X, Winzip and a host of other popular software.

Evilgrade is the brainchild of Francisco Amato and works by exploiting weaknesses in the automatic upgrade feature of an affected program or operating system. It works only when a man-in-the-middle attack has first been carried out, but thanks to the domain name system vulnerability that has dominated security coverage ever since researcher Dan Kaminsky sounded the alarm three weeks ago, that's not much of a problem.
 

The demo here: http://www.infobyte.com.ar/demo/evilgrade.htm ,shows just how effective Evilgrade is now that the exploit code for the devastating DNS bug was folded into Metasploit. It shows how the upgrade feature on Sun's ubiquitous Java runtime environment can be targeted to remotely execute arbitrary code on a fully-patched machine.

In addition to iTunes, Mac OS X, Winzip and Java, other programs that Evilgrade can attack include Winamp, Notebook, OpenOffice, Notepad++, Speedbit and the Linkedin Toolbar.

Amato, of Infobyte Computing Security Research, isn't the only researcher who's been thinking about security weaknesses in updating features. Security consultant Derek Callaway of Security Objectives has recently issued advisories warning against serious vulnerabilities in both Lenovo laptops and Cygwin, a tool that creates a Linux-like environment on Windows PCs. Like the exploits carried out by Evilgrade, the attacks Callaway warns of also rely on a man-in-the-middle condition, in which attackers are able to sit in between the victim and a trusted site.

The DNS bug discovered by Kaminsky isn't the only way to create a man-in-the-middle condition. Other attacks involving DNS, ARP and DHCP spoofing can also suffice, and with the recent release of a program called KARMetaSploitt (a combination of Metasploit and KARMA that's included within the latest BackTrack LiveCD), there's yet another menu-driven way to achieve the effect.

News Source: The Register

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023