Branded as WebAttacker, the script-kiddies' dream kit provides an overview and index to all the freeware and shareware spyware creation packages available on the Internet. The kit includes spam-sending techniques to lure victims to compromised Web sites and a number of applets and scripts that simplify the task of infecting computers.
Researchers at SophosLabs discovered the spyware kit on a Russian Web site run by self-professed spyware and adware developers. The kit is available for sale directly from the site, which even offers technical support to buyers.
Ron O'Brien, senior technology analyst at Sophos, said samples of the malware kit include timely spam-run themes—such as bird-flu protection and Slobodan Milosevic murder conspiracy theories—to guide online criminals through social engineering attacks.
One pre-prepared spyware email presents itself as a warning about the deadly H5N1 bird flu virus and links to a bogus Web site that purports to contain advice on how to protect "you and your family." Another claims that Slobodan Milosevic was murdered and invites users to visit a Web site for more information.
These Web sites then attempt to download the malicious code remotely onto the user's PC by taking advantage of known Web browser and operating system vulnerabilities.
JavaScript code on the infected Web sites detects the visiting computer's browser version and operating system, including any installed patches, and launches the most appropriate exploit. The exploit downloads a program that attempts to turn off the firewall and install malware, generally a password stealer, keylogger or a banking Trojan, said Sophos.
"Making spyware available on the cheap means that technical skill has been removed as an entry-level barrier to spamming and hacking. Now even dim-witted miscreants will be able to join the world of cyber-crime," said O'Brien.
Earlier this year, researchers at Sunbelt Software uncovered a special program that was being used to create keystroke loggers (aka keyloggers) and Trojans to target customers of financial institutions in the United Kingdom, United States and Canada.
The Trojan builder provided an easy-to-use interface for creating new variants of malware that can steal credit card numbers and online banking log-ins from machines on which it is installed, and can direct e-Gold payments into an account owned by the attacker.
"This type of behavior is inviting the return of what we call script-kiddies," said Carole Theriault, senior security consultant at Sophos.
"The underground cyber economy is, in some ways, very similar to the one most of us operate by - everyone wants a piece of the action," continued Theriault. "The more common cyber attacks become, the more of these types of sites offering kits, databases of email addresses, and bespoke Trojans and spyware we will see. So as long as the money continues to flow, there will be interested parties."
Spam Daily News