Source code for MPack revealed by Panda Software

If you haven’t heard…

Security researchers at Symantec have verified that a large-scale web attack targeting Italian web sites and their users is underway…

The attackers used a “commercial” malware kit called MPack, which is sold by a Russian gang. Currently at version 0.86, MPack provides would-be malware installers with a complete package that can be installed on any web server that runs PHP with an SQL database. The owners of MPack have been selling it to other criminal organizations for between $700 and $1,000 a pop, with additional exploit modules available for between $50 and $150. For an additional $30, the MPack owners will include a feature that helps prevent the malware from being detected by antivirus programs…

Link to Article

Panda Software have written a report known as MPack uncovered, which not only describes MPack, but includes parts of its source code as well!

The kit itself is written in PHP, but the actual exploits it serves to visitors are JavaScript. With this code, I could exploit Windows Media Player, for example (page 13 of the report), if a user has not correctly patched against it.

Now, if MPack’s source code had been “leaked” onto the Internet, it would be a different story. The fact that Panda Software, a well-known and trusted computer security company, has publicly revealed dangerous parts of MPack’s code leads me to question whether this was a smart move.

Revealing the code has made MPack pretty much worthless: no one is going to want to buy it now that the source code is available. It has also raised awareness of the kit and what it can do, which might encourage people to update their software.

On the other hand, it has created competition, as script kiddies have realised that they can make their own versions of MPack too. It might also inspire others to update MPack to use the latest exploits that haven’t been patched yet. So now we have more dangerous toolkits on the market, thanks to Panda Software.

Comments

  1. SecurityCzar on June 20, 2007

    What can you do to protect yourself? For end users, keep your endpoints patched and antivirus up-to-date. For Symantec users, there is a good article at sharpebusinesssolutions.com/savce_upgrade.htm describing how to keep SAV agents healthy and under support. For admins of affected web sites, a simple clean-up of the page is not sufficient - your site administrator’s credentials need to be changed. There are easy-to-use tools available for MPack to use to reinfect your sites even after you have manually cleaned them up. These automated tools are being fed lists of compromised site admin usernames and passwords, so make sure that you put a strong password on your site admin account.

